Add missing puppetdoc and lint all parameter documentation

Un-pin puppet-lint gem and add puppet-lint-param-docs; this commit also
adds missing puppetdoc and fixes lint issues.

Change-Id: I1eefc743c68c75eb54a65b3cc539922ef3a3b04d
Sebastien Badia
2015-03-15 16:23:09 +01:00
parent b182ff0706
commit a3bdaad473
13 changed files with 836 additions and 297 deletions


@@ -2,7 +2,7 @@ source 'https://rubygems.org'
group :development, :test do group :development, :test do
gem 'puppetlabs_spec_helper', :require => false gem 'puppetlabs_spec_helper', :require => false
gem 'puppet-lint', '~> 0.3.2' gem 'puppet-lint-param-docs'
gem 'rspec-puppet', '~> 1.0.1' gem 'rspec-puppet', '~> 1.0.1'
gem 'rake', '10.1.1' gem 'rake', '10.1.1'
end end
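Review bot: The added `gem 'puppet-lint-param-docs'` line has no version constraint, while `rspec-puppet` and `rake` in the same group are pinned. Because `puppet-lint` is no longer declared in this hunk, it appears to be resolved only as a dependency of the plugin, so both float to whatever rubygems.org serves at install time. A new or compromised release would then change what CI runs without any change to this repository. Consider a pessimistic constraint such as `gem 'puppet-lint-param-docs', '~> X.Y'` (placeholder version), and declare `puppet-lint` explicitly with its own constraint if the module relies on its checks.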


@@ -16,57 +16,57 @@ class { 'keystone::roles::admin':
# "uid=bind,cn=users,cn=accounts,dc=example,dc=com" -w SecretPass \ # "uid=bind,cn=users,cn=accounts,dc=example,dc=com" -w SecretPass \
# -b cn=users,cn=accounts,dc=example,dc=com # -b cn=users,cn=accounts,dc=example,dc=com
class { 'keystone:ldap': class { 'keystone:ldap':
url => 'ldap://ldap.example.com:389', url => 'ldap://ldap.example.com:389',
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
password => 'SecretPass', password => 'SecretPass',
suffix => 'dc=example,dc=com', suffix => 'dc=example,dc=com',
query_scope => 'sub', query_scope => 'sub',
user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com', user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com',
user_id_attribute => 'uid', user_id_attribute => 'uid',
user_name_attribute => 'uid', user_name_attribute => 'uid',
user_mail_attribute => 'mail', user_mail_attribute => 'mail',
user_allow_create => 'False', user_allow_create => 'False',
user_allow_update => 'False', user_allow_update => 'False',
user_allow_delete => 'False', user_allow_delete => 'False',
user_enabled_emulation => 'True', user_enabled_emulation => 'True',
user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com',
group_objectclass => 'organizationalRole', group_objectclass => 'organizationalRole',
group_id_attribute => 'cn', group_id_attribute => 'cn',
group_name_attribute => 'cn', group_name_attribute => 'cn',
group_member_attribute => 'RoleOccupant', group_member_attribute => 'RoleOccupant',
group_desc_attribute => 'description', group_desc_attribute => 'description',
group_allow_create => 'True', group_allow_create => 'True',
group_allow_update => 'True', group_allow_update => 'True',
group_allow_delete => 'True', group_allow_delete => 'True',
project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com', project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com',
project_objectclass => 'organizationalUnit', project_objectclass => 'organizationalUnit',
project_id_attribute => 'ou', project_id_attribute => 'ou',
project_member_attribute => 'member', project_member_attribute => 'member',
project_name_attribute => 'ou', project_name_attribute => 'ou',
project_desc_attribute => 'description', project_desc_attribute => 'description',
project_allow_create => 'True', project_allow_create => 'True',
project_allow_update => 'True', project_allow_update => 'True',
project_allow_delete => 'True', project_allow_delete => 'True',
project_enabled_emulation => 'True', project_enabled_emulation => 'True',
project_enabled_emulation_dn=> 'cn=enabled,ou=openstack,dc=example,dc=com', project_enabled_emulation_dn => 'cn=enabled,ou=openstack,dc=example,dc=com',
role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com', role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com',
role_objectclass => 'organizationalRole', role_objectclass => 'organizationalRole',
role_id_attribute => 'cn', role_id_attribute => 'cn',
role_name_attribute => 'cn', role_name_attribute => 'cn',
role_member_attribute => 'roleOccupant', role_member_attribute => 'roleOccupant',
role_allow_create => 'True', role_allow_create => 'True',
role_allow_update => 'True', role_allow_update => 'True',
role_allow_delete => 'True', role_allow_delete => 'True',
identity_driver => 'keystone.identity.backends.ldap.Identity', identity_driver => 'keystone.identity.backends.ldap.Identity',
assignment_driver => 'keystone.assignment.backends.ldap.Assignment', assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
use_tls => 'True', use_tls => 'True',
tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
tls_req_cert => 'demand', tls_req_cert => 'demand',
use_pool => 'True', use_pool => 'True',
use_auth_pool => 'True', use_auth_pool => 'True',
pool_size => 5, pool_size => 5,
auth_pool_size => 5, auth_pool_size => 5,
pool_retry_max => 3, pool_retry_max => 3,
pool_connection_timeout => 120, pool_connection_timeout => 120,
} }


@@ -12,17 +12,17 @@ class { 'keystone::roles::admin':
# This was tested against a FreeIPA box, you will likely need to change the # This was tested against a FreeIPA box, you will likely need to change the
# attributes to match your configuration. # attributes to match your configuration.
class { 'keystone:ldap': class { 'keystone:ldap':
identity_driver => 'keystone.identity.backends.ldap.Identity', identity_driver => 'keystone.identity.backends.ldap.Identity',
url => 'ldap://ldap.example.com:389', url => 'ldap://ldap.example.com:389',
user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com', user => 'uid=bind,cn=users,cn=accounts,dc=example,dc=com',
password => 'SecretPass', password => 'SecretPass',
suffix => 'dc=example,dc=com', suffix => 'dc=example,dc=com',
query_scope => 'sub', query_scope => 'sub',
user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com', user_tree_dn => 'cn=users,cn=accounts,dc=example,dc=com',
user_id_attribute => 'uid', user_id_attribute => 'uid',
user_name_attribute => 'uid', user_name_attribute => 'uid',
user_mail_attribute => 'mail', user_mail_attribute => 'mail',
user_allow_create => 'False', user_allow_create => 'False',
user_allow_update => 'False', user_allow_update => 'False',
user_allow_delete => 'False' user_allow_delete => 'False'
} }


@@ -5,7 +5,8 @@
# === Parameters # === Parameters
# #
# [*ensure*] # [*ensure*]
# (optional) Ensure state of the package. Defaults to 'present'. # (optional) Ensure state of the package.
# Defaults to 'present'.
# #
class keystone::client ( class keystone::client (
$ensure = 'present' $ensure = 'present'


@@ -5,19 +5,39 @@
# #
# == parameters # == parameters
# #
# [password] Password that will be used for the keystone db user. # [*password*]
# Optional. Defaults to: 'keystone_default_password' # (Mandatory) Password to connect to the database.
# Defaults to 'false'.
# #
# [dbname] Name of keystone database. Optional. Defaults to keystone. # [*dbname*]
# (Optional) Name of the database.
# Defaults to 'keystone'.
# #
# [user] Name of keystone user. Optional. Defaults to keystone. # [*user*]
# (Optional) User to connect to the database.
# Defaults to 'keystone'.
# #
# [host] Host where user should be allowed all priveleges for database. # [*host*]
# Optional. Defaults to 127.0.0.1. # (Optional) The default source host user is allowed to connect from.
# Defaults to '127.0.0.1'
# #
# [allowed_hosts] Hosts allowed to use the database # [*allowed_hosts*]
# (Optional) Other hosts the user is allowed to connect from.
# Defaults to 'undef'.
# #
# [*mysql_module*] Deprecated. Does nothing. # [*charset*]
# (Optional) The database charset.
# Defaults to 'utf8'
#
# [*collate*]
# (Optional) The database collate.
# Only used with mysql modules >= 2.2.
# Defaults to 'utf8_unicode_ci'
#
# === Deprecated Parameters
#
# [*mysql_module*]
# (Optional) Does nothing.
# #
# == Dependencies # == Dependencies
# Class['mysql::server'] # Class['mysql::server']
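Review bot: The new `[*password*]` entry is labelled `(Mandatory)` yet also says `Defaults to 'false'`, which contradicts itself and, with the quotes, reads as the string 'false' rather than the boolean. The removed text documented a default of 'keystone_default_password'; the class signature is outside this hunk, so confirm which is true. If no usable default exists, drop the defaults line and keep only `# (Required) Password to connect to the database.`. If a built-in default password does remain in the signature, the doc should state it and tell operators to override it. The same quoting issue applies to `Defaults to 'undef'` under `[*allowed_hosts*]`.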


@@ -1,6 +1,12 @@
# #
# Installs keystone from source. This is not yet fully implemented # Installs keystone from source. This is not yet fully implemented
# #
# == Parameters
#
# [*source_dir*]
# (optional) The source dire for dev installation
# Defaults to '/usr/local/keystone'
#
# == Dependencies # == Dependencies
# == Examples # == Examples
# == Authors # == Authors
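Review bot: The added description for `[*source_dir*]` contains a typo, 'dire'; it should read `# (optional) The source dir for dev installation`. The class body is outside the hunk, so the documented default '/usr/local/keystone' could not be checked against the signature.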


@@ -3,157 +3,232 @@
# #
# == Parameters # == Parameters
# #
# [package_ensure] Desired ensure state of packages. Optional. Defaults to present. # [*package_ensure*]
# accepts latest or specific versions. # (optional) Desired ensure state of packages.
# [client_package_ensure] Desired ensure state of the client package. Optional. Defaults to present. # accepts latest or specific versions.
# accepts latest or specific versions. # Defaults to present.
# [public_port]
# #
# [compute_port] # [*client_package_ensure*]
# (optional) DEPRECATED. The port for the compute service. # (optional) Desired ensure state of the client package.
# Defaults to 8774. # accepts latest or specific versions.
# Defaults to present.
# #
# [admin_port] # [*public_port*]
# [admin_port] Port that can be used for admin tasks. # (optional) Port that keystone binds to.
# [admin_token] Admin token that can be used to authenticate as a keystone # Defaults to '5000'
# admin. Required.
# [verbose] Rather keystone should log at verbose level. Optional.
# Defaults to False.
# [debug] Rather keystone should log at debug level. Optional.
# Defaults to False.
# [use_syslog] Use syslog for logging. Optional.
# Defaults to False.
# [log_facility] Syslog facility to receive log lines. Optional.
# [catalog_type] Type of catalog that keystone uses to store endpoints,services. Optional.
# Defaults to sql. (Also accepts template)
# [catalog_driver] Catalog driver used by Keystone to store endpoints and services. Optional.
# Setting this value will override and ignore catalog_type.
# [catalog_template_file] Path to the catalog used if catalog_type equals 'template'.
# Defaults to '/etc/keystone/default_catalog.templates'
# [token_provider] Format keystone uses for tokens. Optional.
# Defaults to 'keystone.token.providers.uuid.Provider'
# Supports PKI and UUID.
# [token_driver] Driver to use for managing tokens.
# Optional. Defaults to 'keystone.token.persistence.backends.sql.Token'
# [token_expiration] Amount of time a token should remain valid (seconds).
# Optional. Defaults to 3600 (1 hour).
# [revoke_driver] Driver for token revocation.
# Optional. Defaults to 'keystone.contrib.revoke.backends.sql.Revoke'
# [cache_dir] Directory created when token_provider is pki. Optional.
# Defaults to /var/cache/keystone.
# #
# [memcache_servers] # [*compute_port*]
# List of memcache servers in format of server:port. # (optional) DEPRECATED The port for compute servie.
# Used with token_driver 'keystone.token.backends.memcache.Token'. # Defaults to '8774'
# Optional. Defaults to false. Example: ['localhost:11211']
# #
# [cache_backend] # [*admin_port*]
# Dogpile.cache backend module. It is recommended that Memcache with pooling # (optional) Port that can be used for admin tasks.
# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production. # Defaults to '35357'
# This has no effects unless 'memcache_servers' is set.
# Optional. Defaults to 'keystone.common.cache.noop'
# #
# [cache_backend_argument] # [*admin_token*]
# List of arguments in format of argname:value supplied to the backend module. # Admin token that can be used to authenticate as a keystone
# Specify this option once per argument to be passed to the dogpile.cache backend. # admin. Required.
# This has no effects unless 'memcache_servers' is set.
# Optional. Default to undef.
# #
# [debug_cache_backend] # [*verbose*]
# Extra debugging from the cache backend (cache keys, get/set/delete calls). # (optional) Rather keystone should log at verbose level.
# This has no effects unless 'memcache_servers' is set. # Defaults to false.
# Optional. Default to false.
# #
# [token_caching] # [*debug*]
# Toggle for token system caching. This has no effects unless 'memcache_servers' is set. # (optional) Rather keystone should log at debug level.
# Optional. Default to true. # Defaults to False.
# #
# [enabled] If the keystone services should be enabled. Optional. Default to true. # [*use_syslog*]
# (optional) Use syslog for logging.
# Defaults to false.
# #
# [*database_connection*] # [*log_facility*]
# (optional) Url used to connect to database. # (optional) Syslog facility to receive log lines.
# Defaults to sqlite:////var/lib/keystone/keystone.db # Defaults to 'LOG_USER'.
# #
# [*database_idle_timeout*] # [*catalog_type*]
# (optional) Timeout when db connections should be reaped. # (optional) Type of catalog that keystone uses to store endpoints,services.
# Defaults to 200. # Defaults to sql. (Also accepts template)
# #
# [enable_pki_setup] Enable call to pki_setup to generate the cert for signing pki tokens and # [*catalog_driver*]
# revocation lists if it doesn't already exist. This generates a cert and key stored in file # (optional) Catalog driver used by Keystone to store endpoints and services.
# locations based on the signing_certfile and signing_keyfile paramters below. If you are # Setting this value will override and ignore catalog_type.
# providing your own signing cert, make this false. # Defaults to false.
# [signing_certfile] Location of the cert file for signing pki tokens and revocation lists.
# Optional. Note that if this file already exists (i.e. you are providing your own signing cert),
# the file will not be overwritten, even if enable_pki_setup is set to true.
# Default: /etc/keystone/ssl/certs/signing_cert.pem
# [signing_keyfile] Location of the key file for signing pki tokens and revocation lists. Optional.
# Note that if this file already exists (i.e. you are providing your own signing cert), the file
# will not be overwritten, even if enable_pki_setup is set to true.
# Default: /etc/keystone/ssl/private/signing_key.pem
# [signing_ca_certs] Use this CA certs file along with signing_certfile/signing_keyfile for
# signing pki tokens and revocation lists. Optional. Default: /etc/keystone/ssl/certs/ca.pem
# [signing_ca_key] Use this CA key file along with signing_certfile/signing_keyfile for signing
# pki tokens and revocation lists. Optional. Default: /etc/keystone/ssl/private/cakey.pem
# #
# [*signing_cert_subject*] # [*catalog_template_file*]
# (optional) Path to the catalog used if catalog_type equals 'template'.
# Defaults to '/etc/keystone/default_catalog.templates'
#
# [*token_provider*]
# (optional) Format keystone uses for tokens.
# Defaults to 'keystone.token.providers.uuid.Provider'
# Supports PKI and UUID.
#
# [*token_driver*]
# (optional) Driver to use for managing tokens.
# Defaults to 'keystone.token.persistence.backends.sql.Token'
#
# [*token_expiration*]
# (optional) Amount of time a token should remain valid (seconds).
# Defaults to 3600 (1 hour).
#
# [*revoke_driver*]
# (optional) Driver for token revocation.
# Defaults to 'keystone.contrib.revoke.backends.sql.Revoke'
#
# [*cache_dir*]
# (optional) Directory created when token_provider is pki.
# Defaults to /var/cache/keystone.
#
# [*memcache_servers*]
# (optional) List of memcache servers in format of server:port.
# Used with token_driver 'keystone.token.backends.memcache.Token'.
# Defaults to false. Example: ['localhost:11211']
#
# [*cache_backend*]
# (optional) Dogpile.cache backend module. It is recommended that Memcache with pooling
# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production.
# This has no effects unless 'memcache_servers' is set.
# Defaults to 'keystone.common.cache.noop'
#
# [*cache_backend_argument*]
# (optional) List of arguments in format of argname:value supplied to the backend module.
# Specify this option once per argument to be passed to the dogpile.cache backend.
# This has no effects unless 'memcache_servers' is set.
# Default to undef.
#
# [*debug_cache_backend*]
# (optional) Extra debugging from the cache backend (cache keys, get/set/delete calls).
# This has no effects unless 'memcache_servers' is set.
# Default to false.
#
# [*token_caching*]
# (optional) Toggle for token system caching. This has no effects unless 'memcache_servers' is set.
# Default to true.
#
# [*enabled*]
# (optional) If the keystone services should be enabled.
# Default to true.
#
# [*database_connection*]
# (optional) Url used to connect to database.
# Defaults to sqlite:////var/lib/keystone/keystone.db
#
# [*database_idle_timeout*]
# (optional) Timeout when db connections should be reaped.
# Defaults to 200.
#
# [*enable_pki_setup*]
# (optional) Enable call to pki_setup to generate the cert for signing pki tokens and
# revocation lists if it doesn't already exist. This generates a cert and key stored in file
# locations based on the signing_certfile and signing_keyfile paramters below. If you are
# providing your own signing cert, make this false.
# Default to true.
#
# [*signing_certfile*]
# (optional) Location of the cert file for signing pki tokens and revocation lists.
# Note that if this file already exists (i.e. you are providing your own signing cert),
# the file will not be overwritten, even if enable_pki_setup is set to true.
# Default: /etc/keystone/ssl/certs/signing_cert.pem
#
# [*signing_keyfile*]
# (optional) Location of the key file for signing pki tokens and revocation lists.
# Note that if this file already exists (i.e. you are providing your own signing cert), the file
# will not be overwritten, even if enable_pki_setup is set to true.
# Default: /etc/keystone/ssl/private/signing_key.pem
#
# [*signing_ca_certs*]
# (optional) Use this CA certs file along with signing_certfile/signing_keyfile for
# signing pki tokens and revocation lists.
# Default: /etc/keystone/ssl/certs/ca.pem
#
# [*signing_ca_key*]
# (optional) Use this CA key file along with signing_certfile/signing_keyfile for signing
# pki tokens and revocation lists.
# Default: /etc/keystone/ssl/private/cakey.pem
#
# [*signing_cert_subject*]
# (optional) Certificate subject (auto generated certificate) for token signing. # (optional) Certificate subject (auto generated certificate) for token signing.
# Defaults to '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com' # Defaults to '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com'
# #
# [*signing_key_size*] # [*signing_key_size*]
# (optional) Key size (in bits) for token signing cert (auto generated certificate) # (optional) Key size (in bits) for token signing cert (auto generated certificate)
# Defaults to 2048 # Defaults to 2048
# #
# [rabbit_host] Location of rabbitmq installation. Optional. Defaults to localhost. # [*rabbit_host*]
# [rabbit_port] Port for rabbitmq instance. Optional. Defaults to 5672. # (optional) Location of rabbitmq installation.
# [rabbit_hosts] Location of rabbitmq installation. Optional. Defaults to undef. # Defaults to localhost.
# [rabbit_password] Password used to connect to rabbitmq. Optional. Defaults to guest.
# [rabbit_userid] User used to connect to rabbitmq. Optional. Defaults to guest.
# [rabbit_virtual_host] The RabbitMQ virtual host. Optional. Defaults to /.
# #
# [*rabbit_use_ssl*] # [*rabbit_port*]
# (optional) Connect over SSL for RabbitMQ # (optional) Port for rabbitmq instance.
# Defaults to false # Defaults to 5672.
# #
# [*kombu_ssl_ca_certs*] # [*rabbit_hosts*]
# (optional) SSL certification authority file (valid only if SSL enabled). # (optional) Location of rabbitmq installation.
# Defaults to undef # Defaults to undef.
# #
# [*kombu_ssl_certfile*] # [*rabbit_password*]
# (optional) SSL cert file (valid only if SSL enabled). # (optional) Password used to connect to rabbitmq.
# Defaults to undef # Defaults to guest.
# #
# [*kombu_ssl_keyfile*] # [*rabbit_userid*]
# (optional) SSL key file (valid only if SSL enabled). # (optional) User used to connect to rabbitmq.
# Defaults to undef # Defaults to guest.
# #
# [*kombu_ssl_version*] # [*rabbit_virtual_host*]
# (optional) SSL version to use (valid only if SSL enabled). # (optional) The RabbitMQ virtual host.
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # Defaults to /.
# available on some distributions.
# Defaults to 'TLSv1'
# #
# [notification_driver] RPC driver. Not enabled by default # [*rabbit_use_ssl*]
# [notification_topics] AMQP topics to publish to when using the RPC notification driver. # (optional) Connect over SSL for RabbitMQ
# [control_exchange] AMQP exchange to connect to if using RabbitMQ or Qpid # Defaults to false
# #
# [*public_bind_host*] # [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled).
# Defaults to undef
#
# [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions.
# Defaults to 'TLSv1'
#
# [*notification_driver*]
# RPC driver. Not enabled by default
#
# [*notification_topics*]
# (optional) AMQP topics to publish to when using the RPC notification driver.
# Default to false.
#
# [*control_exchange*]
# (optional) AMQP exchange to connect to if using RabbitMQ or Qpid
# Default to false.
#
# [*public_bind_host*]
# (optional) The IP address of the public network interface to listen on # (optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'. # Default to '0.0.0.0'.
# #
# [*admin_bind_host*] # [*admin_bind_host*]
# (optional) The IP address of the public network interface to listen on # (optional) The IP address of the public network interface to listen on
# Default to '0.0.0.0'. # Default to '0.0.0.0'.
# #
# [*log_dir*] # [*log_dir*]
# (optional) Directory where logs should be stored # (optional) Directory where logs should be stored
# If set to boolean false, it will not log to any directory # If set to boolean false, it will not log to any directory
# Defaults to '/var/log/keystone' # Defaults to '/var/log/keystone'
# #
# [*log_file*] # [*log_file*]
# (optional) Where to log # (optional) Where to log
# Defaults to false # Defaults to false
# #
# [*public_endpoint*] # [*public_endpoint*]
# (optional) The base public endpoint URL for keystone that are # (optional) The base public endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how # advertised to clients (NOTE: this does NOT affect how
# keystone listens for connections) (string value) # keystone listens for connections) (string value)
@@ -161,7 +236,7 @@
# Sample value: 'http://localhost:5000/' # Sample value: 'http://localhost:5000/'
# Defaults to false # Defaults to false
# #
# [*admin_endpoint*] # [*admin_endpoint*]
# (optional) The base admin endpoint URL for keystone that are # (optional) The base admin endpoint URL for keystone that are
# advertised to clients (NOTE: this does NOT affect how keystone listens # advertised to clients (NOTE: this does NOT affect how keystone listens
# for connections) (string value) # for connections) (string value)
@@ -169,63 +244,63 @@
# Sample value: 'http://localhost:35357/' # Sample value: 'http://localhost:35357/'
# Defaults to false # Defaults to false
# #
# [*enable_ssl*] # [*enable_ssl*]
# (optional) Toggle for SSL support on the keystone eventlet servers. # (optional) Toggle for SSL support on the keystone eventlet servers.
# (boolean value) # (boolean value)
# Defaults to false # Defaults to false
# #
# [*ssl_certfile*] # [*ssl_certfile*]
# (optional) Path of the certfile for SSL. (string value) # (optional) Path of the certfile for SSL. (string value)
# Defaults to '/etc/keystone/ssl/certs/keystone.pem' # Defaults to '/etc/keystone/ssl/certs/keystone.pem'
# #
# [*ssl_keyfile*] # [*ssl_keyfile*]
# (optional) Path of the keyfile for SSL. (string value) # (optional) Path of the keyfile for SSL. (string value)
# Defaults to '/etc/keystone/ssl/private/keystonekey.pem' # Defaults to '/etc/keystone/ssl/private/keystonekey.pem'
# #
# [*ssl_ca_certs*] # [*ssl_ca_certs*]
# (optional) Path of the ca cert file for SSL. (string value) # (optional) Path of the ca cert file for SSL. (string value)
# Defaults to '/etc/keystone/ssl/certs/ca.pem' # Defaults to '/etc/keystone/ssl/certs/ca.pem'
# #
# [*ssl_ca_key*] # [*ssl_ca_key*]
# (optional) Path of the CA key file for SSL (string value) # (optional) Path of the CA key file for SSL (string value)
# Defaults to '/etc/keystone/ssl/private/cakey.pem' # Defaults to '/etc/keystone/ssl/private/cakey.pem'
# #
# [*ssl_cert_subject*] # [*ssl_cert_subject*]
# (optional) SSL Certificate Subject (auto generated certificate) # (optional) SSL Certificate Subject (auto generated certificate)
# (string value) # (string value)
# Defaults to '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost' # Defaults to '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost'
# #
# [*mysql_module*] # [*mysql_module*]
# (optional) Deprecated. Does nothing. # (optional) Deprecated. Does nothing.
# #
# [*validate_service*] # [*validate_service*]
# (optional) Whether to validate keystone connections after # (optional) Whether to validate keystone connections after
# the service is started. # the service is started.
# Defaults to false # Defaults to false
# #
# [*validate_insecure*] # [*validate_insecure*]
# (optional) Whether to validate keystone connections # (optional) Whether to validate keystone connections
# using the --insecure option with keystone client. # using the --insecure option with keystone client.
# Defaults to false # Defaults to false
# #
# [*validate_cacert*] # [*validate_cacert*]
# (optional) Whether to validate keystone connections # (optional) Whether to validate keystone connections
# using the specified argument with the --os-cacert option # using the specified argument with the --os-cacert option
# with keystone client. # with keystone client.
# Defaults to undef # Defaults to undef
# #
# [*validate_auth_url*] # [*validate_auth_url*]
# (optional) The url to validate keystone against # (optional) The url to validate keystone against
# Defaults to undef # Defaults to undef
# #
# [*service_provider*] # [*service_provider*]
# (optional) Provider, that can be used for keystone service. # (optional) Provider, that can be used for keystone service.
# Default value defined in keystone::params for given operation system. # Default value defined in keystone::params for given operation system.
# If you use Pacemaker or another Cluster Resource Manager, you can make # If you use Pacemaker or another Cluster Resource Manager, you can make
# custom service provider for changing start/stop/status behavior of service, # custom service provider for changing start/stop/status behavior of service,
# and set it here. # and set it here.
# #
# [*service_name*] # [*service_name*]
# (optional) Name of the service that will be providing the # (optional) Name of the service that will be providing the
# server functionality of keystone. For example, the default # server functionality of keystone. For example, the default
# is just 'keystone', which means keystone will be run as a # is just 'keystone', which means keystone will be run as a
@@ -242,23 +317,23 @@
# Defaults to 'keystone' # Defaults to 'keystone'
# NOTE: validate_service only applies if the value is 'keystone' # NOTE: validate_service only applies if the value is 'keystone'
# #
# [*paste_config*] # [*paste_config*]
# (optional) Name of the paste configuration file that defines the # (optional) Name of the paste configuration file that defines the
# available pipelines. (string value) # available pipelines. (string value)
# Defaults to '/usr/share/keystone/keystone-dist-paste.ini' on RedHat and # Defaults to '/usr/share/keystone/keystone-dist-paste.ini' on RedHat and
# undef on other platforms. # undef on other platforms.
# #
# [*max_token_size*] # [*max_token_size*]
# (optional) maximum allowable Keystone token size # (optional) maximum allowable Keystone token size
# Defaults to undef # Defaults to undef
# #
# [*admin_workers*] # [*admin_workers*]
# (optional) The number of worker processes to serve the admin WSGI application. # (optional) The number of worker processes to serve the admin WSGI application.
# Defaults to max($::processorcount, 2) # Defaults to max($::processorcount, 2)
# #
# [*public_workers*] # [*public_workers*]
# (optional) The number of worker processes to serve the public WSGI application. # (optional) The number of worker processes to serve the public WSGI application.
# Defaults to max($::processorcount, 2) # Defaults to max($::processorcount, 2)
# #
# == Dependencies # == Dependencies
# None # None
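Review bot: In the first hunk the `[*admin_bind_host*]` entry still reads "The IP address of the public network interface to listen on", the same sentence as `[*public_bind_host*]`, and both default to '0.0.0.0'. Since this commit normalises every parameter description, this is the place to say that the value is the address the admin API listens on and that the default binds it on all interfaces, e.g. `# (optional) The IP address of the network interface the admin API listens on.`. In the same hunk `[*rabbit_password*]` documents a default of guest and `[*kombu_ssl_version*]` lists SSLv3 and SSLv23 as valid values without comment; a short remark that these are expected to be overridden outside test setups would help readers. The rewritten `[*compute_port*]` line also introduces the typo 'servie', and 'Rather' in the `[*verbose*]` and `[*debug*]` entries should be 'Whether'.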


@@ -1,6 +1,376 @@
# == class: keystone::ldap
# #
# Implements ldap configuration for keystone. # Implements ldap configuration for keystone.
# #
# === parameters:
#
# [*url*]
# URL for connecting to the LDAP server. (string value)
# Defaults to 'undef'
#
# [*user*]
# User BindDN to query the LDAP server. (string value)
# Defaults to 'undef'
#
# [*password*]
# Password for the BindDN to query the LDAP server. (string value)
# Defaults to 'undef'
#
# [*suffix*]
# LDAP server suffix (string value)
# Defaults to 'undef'
#
# [*query_scope*]
# The LDAP scope for queries, this can be either "one"
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value)
# Defaults to 'undef'
#
# [*page_size*]
# Maximum results per page; a value of zero ("0") disables paging. (integer value)
# Defaults to 'undef'
#
# [*user_tree_dn*]
# Search base for users. (string value)
# Defaults to 'undef'
#
# [*user_filter*]
# LDAP search filter for users. (string value)
# Defaults to 'undef'
#
# [*user_objectclass*]
# LDAP objectclass for users. (string value)
# Defaults to 'undef'
#
# [*user_id_attribute*]
# LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value)
# Defaults to 'undef'
#
# [*user_name_attribute*]
# LDAP attribute mapped to user name. (string value)
# Defaults to 'undef'
#
# [*user_mail_attribute*]
# LDAP attribute mapped to user email. (string value)
#
# [*user_enabled_attribute*]
# LDAP attribute mapped to user enabled flag. (string value)
# Defaults to 'undef'
#
# [*user_enabled_mask*]
# Bitmask integer to indicate the bit that the enabled value is stored in if
# the LDAP server represents "enabled" as a bit on an integer rather than a
# boolean. A value of "0" indicates the mask is not used. If this is not set
# to "0" the typical value is "2". This is typically used when
# "user_enabled_attribute = userAccountControl". (integer value)
# Defaults to 'undef'
#
# [*user_enabled_default*]
# Default value to enable users. This should match an appropriate int value
# if the LDAP server uses non-boolean (bitmask) values to indicate if a user
# is enabled or disabled. If this is not set to "True" the typical value is
# "512". This is typically used when "user_enabled_attribute =
# userAccountControl". (string value)
# Defaults to 'undef'
#
# [*user_enabled_invert*]
# Invert the meaning of the boolean enabled values. Some LDAP servers use a
# boolean lock attribute where "true" means an account is disabled. Setting
# "user_enabled_invert = true" will allow these lock attributes to be used.
# This setting will have no effect if "user_enabled_mask" or
# "user_enabled_emulation" settings are in use. (boolean value)
# Defaults to 'undef'
#
# [*user_attribute_ignore*]
# List of attributes stripped off the user on update. (list value)
# Defaults to 'undef'
#
# [*user_default_project_id_attribute*]
# LDAP attribute mapped to default_project_id for users. (string value)
# Defaults to 'undef'
#
# [*user_allow_create*]
# Allow user creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_update*]
# Allow user updates in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_delete*]
# Allow user deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_pass_attribute*]
# LDAP attribute mapped to password. (string value)
# Defaults to 'undef'
#
# [*user_enabled_emulation*]
# If true, Keystone uses an alternative method to determine if
# a user is enabled or not by checking if they are a member of
# the "user_enabled_emulation_dn" group. (boolean value)
# Defaults to 'undef'
#
# [*user_enabled_emulation_dn*]
# DN of the group entry to hold enabled users when using enabled emulation.
# (string value)
# Defaults to 'undef'
#
# [*user_additional_attribute_mapping*]
# List of additional LDAP attributes used for mapping
# additional attribute mappings for users. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to 'undef'
#
# [*project_tree_dn*]
# Search base for projects (string value)
# Defaults to 'undef'
#
# [*project_filter*]
# LDAP search filter for projects. (string value)
# Defaults to 'undef'
#
# [*project_objectclass*]
# LDAP objectclass for projects. (string value)
# Defaults to 'undef'
#
# [*project_id_attribute*]
# LDAP attribute mapped to project id. (string value)
# Defaults to 'undef'
#
# [*project_member_attribute*]
# LDAP attribute mapped to project membership for user. (string value)
# Defaults to 'undef'
#
# [*project_name_attribute*]
# LDAP attribute mapped to project name. (string value)
# Defaults to 'undef'
#
# [*project_desc_attribute*]
# LDAP attribute mapped to project description. (string value)
# Defaults to 'undef'
#
# [*project_enabled_attribute*]
# LDAP attribute mapped to project enabled. (string value)
# Defaults to 'undef'
#
# [*project_domain_id_attribute*]
# LDAP attribute mapped to project domain_id. (string value)
# Defaults to 'undef'
#
# [*project_attribute_ignore*]
# List of attributes stripped off the project on update. (list value)
# Defaults to 'undef'
#
# [*project_allow_create*]
# Allow project creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_allow_update*]
# Allow project update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_allow_delete*]
# Allow project deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_enabled_emulation*]
# If true, Keystone uses an alternative method to determine if
# a project is enabled or not by checking if they are a member
# of the "project_enabled_emulation_dn" group. (boolean value)
# Defaults to 'undef'
#
# [*project_enabled_emulation_dn*]
# DN of the group entry to hold enabled projects when using
# enabled emulation. (string value)
# Defaults to 'undef'
#
# [*project_additional_attribute_mapping*]
# Additional attribute mappings for projects. Attribute
# mapping format is <ldap_attr>:<user_attr>, where ldap_attr
# is the attribute in the LDAP entry and user_attr is the
# Identity API attribute. (list value)
# Defaults to 'undef'
#
# [*role_tree_dn*]
# Search base for roles. (string value)
# Defaults to 'undef'
#
# [*role_filter*]
# LDAP search filter for roles. (string value)
# Defaults to 'undef'
#
# [*role_objectclass*]
# LDAP objectclass for roles. (string value)
# Defaults to 'undef'
#
# [*role_id_attribute*]
# LDAP attribute mapped to role id. (string value)
# Defaults to 'undef'
#
# [*role_name_attribute*]
# LDAP attribute mapped to role name. (string value)
# Defaults to 'undef'
#
# [*role_member_attribute*]
# LDAP attribute mapped to role membership. (string value)
# Defaults to 'undef'
#
# [*role_attribute_ignore*]
# List of attributes stripped off the role on update. (list value)
# Defaults to 'undef'
#
# [*role_allow_create*]
# Allow role creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_allow_update*]
# Allow role update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_allow_delete*]
# Allow role deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_additional_attribute_mapping*]
# Additional attribute mappings for roles. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to 'undef'
#
# [*group_tree_dn*]
# Search base for groups. (string value)
# Defaults to 'undef'
#
# [*group_filter*]
# LDAP search filter for groups. (string value)
# Defaults to 'undef'
#
# [*group_objectclass*]
# LDAP objectclass for groups. (string value)
# Defaults to 'undef'
#
# [*group_id_attribute*]
# LDAP attribute mapped to group id. (string value)
# Defaults to 'undef'
#
# [*group_name_attribute*]
# LDAP attribute mapped to group name. (string value)
# Defaults to 'undef'
#
# [*group_member_attribute*]
# LDAP attribute mapped to show group membership. (string value)
# Defaults to 'undef'
#
# [*group_desc_attribute*]
# LDAP attribute mapped to group description. (string value)
# Defaults to 'undef'
#
# [*group_attribute_ignore*]
# List of attributes stripped off the group on update. (list value)
# Defaults to 'undef'
#
# [*group_allow_create*]
# Allow group creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_update*]
# Allow group update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_delete*]
# Allow group deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_additional_attribute_mapping*]
# Additional attribute mappings for groups. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to 'undef'
#
# [*use_tls*]
# Enable TLS for communicating with LDAP servers. (boolean value)
# Defaults to 'undef'
#
# [*tls_cacertfile*]
# CA certificate file path for communicating with LDAP servers. (string value)
# Defaults to 'undef'
#
# [*tls_cacertdir*]
# CA certificate directory path for communicating with LDAP servers. (string value)
# Defaults to 'undef'
#
# [*tls_req_cert*]
# Valid options for tls_req_cert are demand, never, and allow. (string value)
# Defaults to 'undef'
#
# [*identity_driver*]
# Identity backend driver. (string value)
# Defaults to 'undef'
#
# [*assignment_driver*]
# Assignment backend driver. (string value)
# Defaults to 'undef'
#
# [*use_pool*]
# Enable LDAP connection pooling. (boolean value)
# Defaults to false
#
# [*pool_size*]
# Connection pool size. (integer value)
# Defaults to '10'
#
# [*pool_retry_max*]
# Maximum count of reconnect trials. (integer value)
# Defaults to '3'
#
# [*pool_retry_delay*]
# Time span in seconds to wait between two reconnect trials. (floating point value)
# Defaults to '0.1'
#
# [*pool_connection_timeout*]
# Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value)
# Defaults to '-1'
#
# [*pool_connection_lifetime*]
# Connection lifetime in seconds. (integer value)
# Defaults to '600'
#
# [*use_auth_pool*]
# Enable LDAP connection pooling for end user authentication.
# If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value)
# Defaults to false
#
# [*auth_pool_size*]
# End user auth connection pool size. (integer value)
# Defaults to '100'
#
# [*auth_pool_connection_lifetime*]
# End user auth connection lifetime in seconds. (integer value)
# Defaults to '60'
#
# === DEPRECATED group/name
#
# [*tenant_tree_dn*]
# [*tenant_filter*]
# [*tenant_objectclass*]
# [*tenant_id_attribute*]
# [*tenant_member_attribute*]
# [*tenant_name_attribute*]
# [*tenant_desc_attribute*]
# [*tenant_enabled_attribute*]
# [*tenant_domain_id_attribute*]
# [*tenant_attribute_ignore*]
# [*tenant_allow_create*]
# [*tenant_allow_update*]
# [*tenant_enabled_emulation*]
# [*tenant_enabled_emulation_dn*]
# [*tenant_additional_attribute_mapping*]
# [*tenant_allow_delete*]
#
# == Dependencies # == Dependencies
# == Examples # == Examples
# == Authors # == Authors
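Review bot: The new `tls_req_cert` entry lists `demand`, `never` and `allow` without saying what each does to server certificate verification, and the `password` entry does not mark the bind password as a secret. I would extend the first with `#   'demand' requires a valid server certificate; 'never' skips verification and 'allow' tolerates a missing or bad one.` and add `#   Sensitive value: keep it out of version control and reports.` under `password`. `user_mail_attribute` is also the only entry without a `Defaults to` line, and the quoted `'undef'` used throughout reads as the string rather than the undef value. The class body lies outside this hunk, so the real defaults cannot be checked from here.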


@@ -1,6 +1,16 @@
# == Class keystone::python
# #
# installs client python libraries for keystone # installs client python libraries for keystone
# #
# === Parameters:
#
# [*client_package_name*]
# (optional) The name of python keystone client package
# Defaults to $keystone::params::client_package_name
#
# [*ensure*]
# (optional) The state for the keystone client package
# Defaults to 'present'
# #
class keystone::python ( class keystone::python (
$client_package_name = $keystone::params::client_package_name, $client_package_name = $keystone::params::client_package_name,


@@ -22,76 +22,76 @@
# == Parameters: # == Parameters:
# #
# [*password*] # [*password*]
# Password to create for the service user; # Password to create for the service user;
# string; required # string; required
# #
# [*auth_name*] # [*auth_name*]
# The name of the service user; # The name of the service user;
# string; optional; default to the $title of the resource, i.e. 'nova' # string; optional; default to the $title of the resource, i.e. 'nova'
# #
# [*service_name*] # [*service_name*]
# Name of the service; # Name of the service;
# string; required # string; required
# #
# [*service_type*] # [*service_type*]
# Type of the service; # Type of the service;
# string; required # string; required
# #
# [*service_description*] # [*service_description*]
# Description of the service; # Description of the service;
# string; optional: default to '$name service' # string; optional: default to '$name service'
# #
# [*public_url*] # [*public_url*]
# Public endpoint URL; # Public endpoint URL;
# string; required # string; required
# #
# [*internal_url*] # [*internal_url*]
# Internal endpoint URL; # Internal endpoint URL;
# string; required # string; required
# #
# [*admin_url*] # [*admin_url*]
# Admin endpoint URL; # Admin endpoint URL;
# string; required # string; required
# #
# [*region*] # [*region*]
# Endpoint region; # Endpoint region;
# string; optional: default to 'RegionOne' # string; optional: default to 'RegionOne'
# #
# [*tenant*] # [*tenant*]
# Service tenant; # Service tenant;
# string; optional: default to 'services' # string; optional: default to 'services'
# #
# [*ignore_default_tenant*] # [*ignore_default_tenant*]
# Ignore setting the default tenant value when the user is created. # Ignore setting the default tenant value when the user is created.
# string; optional: default to false # string; optional: default to false
# #
# [*roles*] # [*roles*]
# List of roles; # List of roles;
# string; optional: default to ['admin'] # string; optional: default to ['admin']
# #
# [*domain*] # [*domain*]
# User domain (keystone v3), not implemented yet. # User domain (keystone v3), not implemented yet.
# string; optional: default to undef # string; optional: default to undef
# #
# [*email*] # [*email*]
# Service email; # Service email;
# string; optional: default to '$auth_name@localhost' # string; optional: default to '$auth_name@localhost'
# #
# [*configure_endpoint*] # [*configure_endpoint*]
# Whether to create the endpoint. # Whether to create the endpoint.
# string; optional: default to True # string; optional: default to True
# #
# [*configure_user*] # [*configure_user*]
# Whether to create the user. # Whether to create the user.
# string; optional: default to True # string; optional: default to True
# #
# [*configure_user_role*] # [*configure_user_role*]
# Whether to create the user role. # Whether to create the user role.
# string; optional: default to True # string; optional: default to True
# #
# [*configure_service*] # [*configure_service*]
# Whether to create the service. # Whether to create the service.
# string; optional: default to True # string; optional: default to True
# #
define keystone::resource::service_identity( define keystone::resource::service_identity(
$admin_url = false, $admin_url = false,


@@ -1,3 +1,4 @@
# == Class: keystone::roles::admin
# #
# This class implements some reasonable admin defaults for keystone. # This class implements some reasonable admin defaults for keystone.
# #
@@ -8,18 +9,49 @@
# * admin role # * admin role
# * adds admin role to admin user on the "admin" tenant # * adds admin role to admin user on the "admin" tenant
# #
# [*Parameters*] # === Parameters:
# #
# [email] The email address for the admin. Required. # [*email*]
# [password] The admin password. Required. # The email address for the admin. Required.
# [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin']. #
# [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack. # [*password*]
# [admin] Admin user. Optional. Defaults to admin. # The admin password. Required.
# [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false. #
# [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant' # [*admin_roles*]
# [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services' # The list of the roles with admin privileges. Optional.
# [configure_user] Optional. Should the admin user be created? Defaults to 'true'. # Defaults to ['admin'].
# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'. #
# [*admin_tenant*]
# The name of the tenant to be used for admin privileges. Optional.
# Defaults to openstack.
#
# [*service_tenant*]
# The name of service keystone tenant. Optional.
# Defaults to 'services'.
#
# [*admin*]
# Admin user. Optional.
# Defaults to admin.
#
# [*ignore_default_tenant*]
# Ignore setting the default tenant value when the user is created. Optional.
# Defaults to false.
#
# [*admin_tenant_desc*]
# Optional. Description for admin tenant,
# Defaults to 'admin tenant'
#
# [*service_tenant_desc*]
# Optional. Description for admin tenant,
# Defaults to 'Tenant for the openstack services'
#
# [*configure_user*]
# Optional. Should the admin user be created?
# Defaults to 'true'.
#
# [*configure_user_role*]
# Optional. Should the admin role be configured for the admin user?
# Defaulst to 'true'.
# #
# == Dependencies # == Dependencies
# == Examples # == Examples
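Review bot: The rewritten `service_tenant_desc` entry still reads "Description for admin tenant", copied from the entry above it, although its default is 'Tenant for the openstack services'; it should read `#   Optional. Description for the service tenant,`. The typo `Defaulst to 'true'.` under `configure_user_role` was carried over from the old one-line form and should become `Defaults to 'true'.`. The `password` entry could also say that this is the admin credential and is better supplied from an encrypted data source than as a literal in the manifest. The class body is outside this hunk, so the stated defaults are taken from the comments only.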


@@ -9,60 +9,59 @@
# === Parameters # === Parameters
# #
# [*ensure*] # [*ensure*]
# (optional) The desired state of the keystone service # (optional) The desired state of the keystone service
# Defaults to 'running' # Defaults to 'running'
# #
# [*service_name*] # [*service_name*]
# (optional) The name of the keystone service # (optional) The name of the keystone service
# Defaults to $::keystone::params::service_name # Defaults to $::keystone::params::service_name
# #
# [*enable*] # [*enable*]
# (optional) Whether to enable the keystone service # (optional) Whether to enable the keystone service
# Defaults to true # Defaults to true
# #
# [*hasstatus*] # [*hasstatus*]
# (optional) Whether the keystone service has status # (optional) Whether the keystone service has status
# Defaults to true # Defaults to true
# #
# [*hasrestart*] # [*hasrestart*]
# (optional) Whether the keystone service has restart # (optional) Whether the keystone service has restart
# Defaults to true # Defaults to true
# #
# [*provider*] # [*provider*]
# (optional) Provider for keystone service # (optional) Provider for keystone service
# Defaults to $::keystone::params::service_provider # Defaults to $::keystone::params::service_provider
# #
# [*validate*] # [*validate*]
# (optional) Whether to validate the service is working # (optional) Whether to validate the service is working after any service refreshes
# after any service refreshes # Defaults to false
# Defaults to false
# #
# [*admin_token*] # [*admin_token*]
# (optional) The admin token to use for validation # (optional) The admin token to use for validation
# Defaults to undef # Defaults to undef
# #
# [*admin_endpoint*] # [*admin_endpoint*]
# (optional) The admin endpont to use for validation # (optional) The admin endpont to use for validation
# Defaults to 'http://localhost:35357/v2.0' # Defaults to 'http://localhost:35357/v2.0'
# #
# [*retries*] # [*retries*]
# (optional) Number of times to retry validation # (optional) Number of times to retry validation
# Defaults to 10 # Defaults to 10
# #
# [*delay*] # [*delay*]
# (optional) Number of seconds between validation attempts # (optional) Number of seconds between validation attempts
# Defaults to 2 # Defaults to 2
# #
# [*insecure*] # [*insecure*]
# (optional) Whether to validate keystone connections # (optional) Whether to validate keystone connections
# using the --insecure option with keystone client. # using the --insecure option with keystone client.
# Defaults to false # Defaults to false
# #
# [*cacert*] # [*cacert*]
# (optional) Whether to validate keystone connections # (optional) Whether to validate keystone connections
# using the specified argument with the --os-cacert option # using the specified argument with the --os-cacert option
# with keystone client. # with keystone client.
# Defaults to undef # Defaults to undef
# #
class keystone::service( class keystone::service(
$ensure = 'running', $ensure = 'running',
@@ -106,13 +105,13 @@ class keystone::service(
$cmd = "openstack --os-auth-url ${admin_endpoint} --os-token ${admin_token} ${insecure_s} ${cacert_s} user list" $cmd = "openstack --os-auth-url ${admin_endpoint} --os-token ${admin_token} ${insecure_s} ${cacert_s} user list"
$catch = 'name' $catch = 'name'
exec { 'validate_keystone_connection': exec { 'validate_keystone_connection':
path => '/usr/bin:/bin:/usr/sbin:/sbin', path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell, provider => shell,
command => $cmd, command => $cmd,
subscribe => Service['keystone'], subscribe => Service['keystone'],
refreshonly => true, refreshonly => true,
tries => $retries, tries => $retries,
try_sleep => $delay try_sleep => $delay
} }
Exec['validate_keystone_connection'] -> Keystone_user<||> Exec['validate_keystone_connection'] -> Keystone_user<||>
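Review bot: The exec on the new side still builds `$cmd` with `--os-token ${admin_token}` inline and runs it through `provider => shell`, so the admin token is visible in the process list on the node and can appear in the command string Puppet reports when the check fails. Since these attribute lines are being touched anyway, consider moving the token out of the argument list, e.g. `environment => "OS_TOKEN=${admin_token}",` on the exec with `--os-token` dropped from `$cmd` (assuming the client in use reads `OS_TOKEN`; confirm before changing). In the parameter docs above, the `insecure` entry says it validates connections with `--insecure`, whereas that option turns certificate verification off; `#   (optional) Skip TLS certificate verification when validating the keystone connection.` would say so plainly. The class body starts and ends outside this hunk.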


@@ -46,15 +46,41 @@
# Optional. Defaults to 1 # Optional. Defaults to 1
# #
# [*ssl_cert*] # [*ssl_cert*]
# (optional) Path to SSL certificate
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_key*] # [*ssl_key*]
# (optional) Path to SSL key
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_chain*] # [*ssl_chain*]
# (optional) SSL chain
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_ca*] # [*ssl_ca*]
# (optional) Path to SSL certificate authority
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl_path*] # [*ssl_crl_path*]
# (optional) Path to SSL certificate revocation list
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl*] # [*ssl_crl*]
# (optional) SSL certificate revocation list name
# Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_certs_dir*] # [*ssl_certs_dir*]
# apache::vhost ssl parameters. # apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults. # Optional. Default to apache::vhost 'ssl_*' defaults.
# #
# [*priority*]
# (optional) The priority for the vhost.
# Defaults to '10'
#
# [*threads*]
# (optional) The number of threads for the vhost.
# Defaults to $::processorcount
#
# == Dependencies # == Dependencies
# #
# requires Class['apache'] & Class['keystone'] # requires Class['apache'] & Class['keystone']