Merge "Add missing puppetdoc and lint all parameter documentation"
commit
a687f5d0e0
2
Gemfile
2
Gemfile
|
@ -2,7 +2,7 @@ source 'https://rubygems.org'
|
|||
|
||||
group :development, :test do
|
||||
gem 'puppetlabs_spec_helper', :require => false
|
||||
gem 'puppet-lint', '~> 0.3.2'
|
||||
gem 'puppet-lint-param-docs'
|
||||
gem 'rspec-puppet', '~> 1.0.1'
|
||||
gem 'rake', '10.1.1'
|
||||
end
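Review bot: `gem 'puppet-lint-param-docs'`, which appears to be the line this commit adds to the development/test group, carries no version constraint, while the neighbouring `puppet-lint`, `rspec-puppet` and `rake` entries are all pinned. An unpinned lint plugin means any newly published release is pulled into CI without review, and it may also stop resolving against the pinned `puppet-lint` 0.3.x series. Consider a pessimistic constraint matching the release that was actually tested, e.g. `gem 'puppet-lint-param-docs', '~> <TESTED_VERSION>'`.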
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
# === Parameters
|
||||
#
|
||||
# [*ensure*]
|
||||
# (optional) Ensure state of the package. Defaults to 'present'.
|
||||
# (optional) Ensure state of the package.
|
||||
# Defaults to 'present'.
|
||||
#
|
||||
class keystone::client (
|
||||
$ensure = 'present'
|
||||
|
|
|
@ -5,19 +5,39 @@
|
|||
#
|
||||
# == parameters
|
||||
#
|
||||
# [password] Password that will be used for the keystone db user.
|
||||
# Optional. Defaults to: 'keystone_default_password'
|
||||
# [*password*]
|
||||
# (Mandatory) Password to connect to the database.
|
||||
# Defaults to 'false'.
|
||||
#
|
||||
# [dbname] Name of keystone database. Optional. Defaults to keystone.
|
||||
# [*dbname*]
|
||||
# (Optional) Name of the database.
|
||||
# Defaults to 'keystone'.
|
||||
#
|
||||
# [user] Name of keystone user. Optional. Defaults to keystone.
|
||||
# [*user*]
|
||||
# (Optional) User to connect to the database.
|
||||
# Defaults to 'keystone'.
|
||||
#
|
||||
# [host] Host where user should be allowed all priveleges for database.
|
||||
# Optional. Defaults to 127.0.0.1.
|
||||
# [*host*]
|
||||
# (Optional) The default source host user is allowed to connect from.
|
||||
# Defaults to '127.0.0.1'
|
||||
#
|
||||
# [allowed_hosts] Hosts allowed to use the database
|
||||
# [*allowed_hosts*]
|
||||
# (Optional) Other hosts the user is allowed to connect from.
|
||||
# Defaults to 'undef'.
|
||||
#
|
||||
# [*mysql_module*] Deprecated. Does nothing.
|
||||
# [*charset*]
|
||||
# (Optional) The database charset.
|
||||
# Defaults to 'utf8'
|
||||
#
|
||||
# [*collate*]
|
||||
# (Optional) The database collate.
|
||||
# Only used with mysql modules >= 2.2.
|
||||
# Defaults to 'utf8_unicode_ci'
|
||||
#
|
||||
# === Deprecated Parameters
|
||||
#
|
||||
# [*mysql_module*]
|
||||
# (Optional) Does nothing.
|
||||
#
|
||||
# == Dependencies
|
||||
# Class['mysql::server']
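Review bot: The new `[*password*]` entry is labelled `(Mandatory)` and then states `Defaults to 'false'`, and the two contradict each other. The class parameter list is outside this hunk, so which one is accurate has to be checked against the code. If the parameter has no default, drop the defaults line, e.g. `#   (Required) Password to connect to the database. No default.`; if it does default to false, the entry should say what the class does in that case, since the previous text documented a fixed default password instead.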
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
#
|
||||
# Installs keystone from source. This is not yet fully implemented
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*source_dir*]
|
||||
# (optional) The source dire for dev installation
|
||||
# Defaults to '/usr/local/keystone'
|
||||
#
|
||||
# == Dependencies
|
||||
# == Examples
|
||||
# == Authors
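Review bot: The added `[*source_dir*]` description reads `The source dire for dev installation`; "dire" should be "directory". Suggested wording: `#   (optional) The source directory for dev installation`.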
|
||||
|
|
|
@ -3,72 +3,111 @@
|
|||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [package_ensure] Desired ensure state of packages. Optional. Defaults to present.
|
||||
# [*package_ensure*]
|
||||
# (optional) Desired ensure state of packages.
|
||||
# accepts latest or specific versions.
|
||||
# [client_package_ensure] Desired ensure state of the client package. Optional. Defaults to present.
|
||||
# Defaults to present.
|
||||
#
|
||||
# [*client_package_ensure*]
|
||||
# (optional) Desired ensure state of the client package.
|
||||
# accepts latest or specific versions.
|
||||
# [public_port]
|
||||
# Defaults to present.
|
||||
#
|
||||
# [compute_port]
|
||||
# (optional) DEPRECATED. The port for the compute service.
|
||||
# Defaults to 8774.
|
||||
# [*public_port*]
|
||||
# (optional) Port that keystone binds to.
|
||||
# Defaults to '5000'
|
||||
#
|
||||
# [admin_port]
|
||||
# [admin_port] Port that can be used for admin tasks.
|
||||
# [admin_token] Admin token that can be used to authenticate as a keystone
|
||||
# [*compute_port*]
|
||||
# (optional) DEPRECATED The port for compute servie.
|
||||
# Defaults to '8774'
|
||||
#
|
||||
# [*admin_port*]
|
||||
# (optional) Port that can be used for admin tasks.
|
||||
# Defaults to '35357'
|
||||
#
|
||||
# [*admin_token*]
|
||||
# Admin token that can be used to authenticate as a keystone
|
||||
# admin. Required.
|
||||
# [verbose] Rather keystone should log at verbose level. Optional.
|
||||
#
|
||||
# [*verbose*]
|
||||
# (optional) Rather keystone should log at verbose level.
|
||||
# Defaults to false.
|
||||
#
|
||||
# [*debug*]
|
||||
# (optional) Rather keystone should log at debug level.
|
||||
# Defaults to False.
|
||||
# [debug] Rather keystone should log at debug level. Optional.
|
||||
# Defaults to False.
|
||||
# [use_syslog] Use syslog for logging. Optional.
|
||||
# Defaults to False.
|
||||
# [log_facility] Syslog facility to receive log lines. Optional.
|
||||
# [catalog_type] Type of catalog that keystone uses to store endpoints,services. Optional.
|
||||
#
|
||||
# [*use_syslog*]
|
||||
# (optional) Use syslog for logging.
|
||||
# Defaults to false.
|
||||
#
|
||||
# [*log_facility*]
|
||||
# (optional) Syslog facility to receive log lines.
|
||||
# Defaults to 'LOG_USER'.
|
||||
#
|
||||
# [*catalog_type*]
|
||||
# (optional) Type of catalog that keystone uses to store endpoints,services.
|
||||
# Defaults to sql. (Also accepts template)
|
||||
# [catalog_driver] Catalog driver used by Keystone to store endpoints and services. Optional.
|
||||
#
|
||||
# [*catalog_driver*]
|
||||
# (optional) Catalog driver used by Keystone to store endpoints and services.
|
||||
# Setting this value will override and ignore catalog_type.
|
||||
# [catalog_template_file] Path to the catalog used if catalog_type equals 'template'.
|
||||
# Defaults to false.
|
||||
#
|
||||
# [*catalog_template_file*]
|
||||
# (optional) Path to the catalog used if catalog_type equals 'template'.
|
||||
# Defaults to '/etc/keystone/default_catalog.templates'
|
||||
# [token_provider] Format keystone uses for tokens. Optional.
|
||||
#
|
||||
# [*token_provider*]
|
||||
# (optional) Format keystone uses for tokens.
|
||||
# Defaults to 'keystone.token.providers.uuid.Provider'
|
||||
# Supports PKI and UUID.
|
||||
# [token_driver] Driver to use for managing tokens.
|
||||
# Optional. Defaults to 'keystone.token.persistence.backends.sql.Token'
|
||||
# [token_expiration] Amount of time a token should remain valid (seconds).
|
||||
# Optional. Defaults to 3600 (1 hour).
|
||||
# [revoke_driver] Driver for token revocation.
|
||||
# Optional. Defaults to 'keystone.contrib.revoke.backends.sql.Revoke'
|
||||
# [cache_dir] Directory created when token_provider is pki. Optional.
|
||||
#
|
||||
# [*token_driver*]
|
||||
# (optional) Driver to use for managing tokens.
|
||||
# Defaults to 'keystone.token.persistence.backends.sql.Token'
|
||||
#
|
||||
# [*token_expiration*]
|
||||
# (optional) Amount of time a token should remain valid (seconds).
|
||||
# Defaults to 3600 (1 hour).
|
||||
#
|
||||
# [*revoke_driver*]
|
||||
# (optional) Driver for token revocation.
|
||||
# Defaults to 'keystone.contrib.revoke.backends.sql.Revoke'
|
||||
#
|
||||
# [*cache_dir*]
|
||||
# (optional) Directory created when token_provider is pki.
|
||||
# Defaults to /var/cache/keystone.
|
||||
#
|
||||
# [memcache_servers]
|
||||
# List of memcache servers in format of server:port.
|
||||
# [*memcache_servers*]
|
||||
# (optional) List of memcache servers in format of server:port.
|
||||
# Used with token_driver 'keystone.token.backends.memcache.Token'.
|
||||
# Optional. Defaults to false. Example: ['localhost:11211']
|
||||
# Defaults to false. Example: ['localhost:11211']
|
||||
#
|
||||
# [cache_backend]
|
||||
# Dogpile.cache backend module. It is recommended that Memcache with pooling
|
||||
# [*cache_backend*]
|
||||
# (optional) Dogpile.cache backend module. It is recommended that Memcache with pooling
|
||||
# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production.
|
||||
# This has no effects unless 'memcache_servers' is set.
|
||||
# Optional. Defaults to 'keystone.common.cache.noop'
|
||||
# Defaults to 'keystone.common.cache.noop'
|
||||
#
|
||||
# [cache_backend_argument]
|
||||
# List of arguments in format of argname:value supplied to the backend module.
|
||||
# [*cache_backend_argument*]
|
||||
# (optional) List of arguments in format of argname:value supplied to the backend module.
|
||||
# Specify this option once per argument to be passed to the dogpile.cache backend.
|
||||
# This has no effects unless 'memcache_servers' is set.
|
||||
# Optional. Default to undef.
|
||||
# Default to undef.
|
||||
#
|
||||
# [debug_cache_backend]
|
||||
# Extra debugging from the cache backend (cache keys, get/set/delete calls).
|
||||
# [*debug_cache_backend*]
|
||||
# (optional) Extra debugging from the cache backend (cache keys, get/set/delete calls).
|
||||
# This has no effects unless 'memcache_servers' is set.
|
||||
# Optional. Default to false.
|
||||
# Default to false.
|
||||
#
|
||||
# [token_caching]
|
||||
# Toggle for token system caching. This has no effects unless 'memcache_servers' is set.
|
||||
# Optional. Default to true.
|
||||
# [*token_caching*]
|
||||
# (optional) Toggle for token system caching. This has no effects unless 'memcache_servers' is set.
|
||||
# Default to true.
|
||||
#
|
||||
# [enabled] If the keystone services should be enabled. Optional. Default to true.
|
||||
# [*enabled*]
|
||||
# (optional) If the keystone services should be enabled.
|
||||
# Default to true.
|
||||
#
|
||||
# [*database_connection*]
|
||||
# (optional) Url used to connect to database.
|
||||
|
@ -78,22 +117,34 @@
|
|||
# (optional) Timeout when db connections should be reaped.
|
||||
# Defaults to 200.
|
||||
#
|
||||
# [enable_pki_setup] Enable call to pki_setup to generate the cert for signing pki tokens and
|
||||
# [*enable_pki_setup*]
|
||||
# (optional) Enable call to pki_setup to generate the cert for signing pki tokens and
|
||||
# revocation lists if it doesn't already exist. This generates a cert and key stored in file
|
||||
# locations based on the signing_certfile and signing_keyfile paramters below. If you are
|
||||
# providing your own signing cert, make this false.
|
||||
# [signing_certfile] Location of the cert file for signing pki tokens and revocation lists.
|
||||
# Optional. Note that if this file already exists (i.e. you are providing your own signing cert),
|
||||
# Default to true.
|
||||
#
|
||||
# [*signing_certfile*]
|
||||
# (optional) Location of the cert file for signing pki tokens and revocation lists.
|
||||
# Note that if this file already exists (i.e. you are providing your own signing cert),
|
||||
# the file will not be overwritten, even if enable_pki_setup is set to true.
|
||||
# Default: /etc/keystone/ssl/certs/signing_cert.pem
|
||||
# [signing_keyfile] Location of the key file for signing pki tokens and revocation lists. Optional.
|
||||
#
|
||||
# [*signing_keyfile*]
|
||||
# (optional) Location of the key file for signing pki tokens and revocation lists.
|
||||
# Note that if this file already exists (i.e. you are providing your own signing cert), the file
|
||||
# will not be overwritten, even if enable_pki_setup is set to true.
|
||||
# Default: /etc/keystone/ssl/private/signing_key.pem
|
||||
# [signing_ca_certs] Use this CA certs file along with signing_certfile/signing_keyfile for
|
||||
# signing pki tokens and revocation lists. Optional. Default: /etc/keystone/ssl/certs/ca.pem
|
||||
# [signing_ca_key] Use this CA key file along with signing_certfile/signing_keyfile for signing
|
||||
# pki tokens and revocation lists. Optional. Default: /etc/keystone/ssl/private/cakey.pem
|
||||
#
|
||||
# [*signing_ca_certs*]
|
||||
# (optional) Use this CA certs file along with signing_certfile/signing_keyfile for
|
||||
# signing pki tokens and revocation lists.
|
||||
# Default: /etc/keystone/ssl/certs/ca.pem
|
||||
#
|
||||
# [*signing_ca_key*]
|
||||
# (optional) Use this CA key file along with signing_certfile/signing_keyfile for signing
|
||||
# pki tokens and revocation lists.
|
||||
# Default: /etc/keystone/ssl/private/cakey.pem
|
||||
#
|
||||
# [*signing_cert_subject*]
|
||||
# (optional) Certificate subject (auto generated certificate) for token signing.
|
||||
|
@ -103,12 +154,29 @@
|
|||
# (optional) Key size (in bits) for token signing cert (auto generated certificate)
|
||||
# Defaults to 2048
|
||||
#
|
||||
# [rabbit_host] Location of rabbitmq installation. Optional. Defaults to localhost.
|
||||
# [rabbit_port] Port for rabbitmq instance. Optional. Defaults to 5672.
|
||||
# [rabbit_hosts] Location of rabbitmq installation. Optional. Defaults to undef.
|
||||
# [rabbit_password] Password used to connect to rabbitmq. Optional. Defaults to guest.
|
||||
# [rabbit_userid] User used to connect to rabbitmq. Optional. Defaults to guest.
|
||||
# [rabbit_virtual_host] The RabbitMQ virtual host. Optional. Defaults to /.
|
||||
# [*rabbit_host*]
|
||||
# (optional) Location of rabbitmq installation.
|
||||
# Defaults to localhost.
|
||||
#
|
||||
# [*rabbit_port*]
|
||||
# (optional) Port for rabbitmq instance.
|
||||
# Defaults to 5672.
|
||||
#
|
||||
# [*rabbit_hosts*]
|
||||
# (optional) Location of rabbitmq installation.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*rabbit_password*]
|
||||
# (optional) Password used to connect to rabbitmq.
|
||||
# Defaults to guest.
|
||||
#
|
||||
# [*rabbit_userid*]
|
||||
# (optional) User used to connect to rabbitmq.
|
||||
# Defaults to guest.
|
||||
#
|
||||
# [*rabbit_virtual_host*]
|
||||
# (optional) The RabbitMQ virtual host.
|
||||
# Defaults to /.
|
||||
#
|
||||
# [*rabbit_use_ssl*]
|
||||
# (optional) Connect over SSL for RabbitMQ
|
||||
|
@ -132,9 +200,16 @@
|
|||
# available on some distributions.
|
||||
# Defaults to 'TLSv1'
|
||||
#
|
||||
# [notification_driver] RPC driver. Not enabled by default
|
||||
# [notification_topics] AMQP topics to publish to when using the RPC notification driver.
|
||||
# [control_exchange] AMQP exchange to connect to if using RabbitMQ or Qpid
|
||||
# [*notification_driver*]
|
||||
# RPC driver. Not enabled by default
|
||||
#
|
||||
# [*notification_topics*]
|
||||
# (optional) AMQP topics to publish to when using the RPC notification driver.
|
||||
# Default to false.
|
||||
#
|
||||
# [*control_exchange*]
|
||||
# (optional) AMQP exchange to connect to if using RabbitMQ or Qpid
|
||||
# Default to false.
|
||||
#
|
||||
# [*public_bind_host*]
|
||||
# (optional) The IP address of the public network interface to listen on
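Review bot: In the `@ -103,12 +154,29 @@` hunk the reformatted `[*rabbit_userid*]` and `[*rabbit_password*]` entries document `Defaults to guest.` with no caveat, so the well-known broker default credentials read as an acceptable setting. I would add a line such as `#   The default is only suitable for a local test broker; set a dedicated user and password otherwise.` to both entries. The same applies in spirit to `[*admin_token*]` in the first hunk, which is the only entry there without a `(required)`/`(optional)` prefix and does not say the value is a secret. Separately, the new `[*compute_port*]` text has a typo, `servie` for `service`, and `[*notification_driver*]` lacks the `(optional)` marker and a `Defaults to` line that its neighbours have.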
|
||||
|
|
|
@ -1,6 +1,376 @@
|
|||
# == class: keystone::ldap
|
||||
#
|
||||
# Implements ldap configuration for keystone.
|
||||
#
|
||||
# === parameters:
|
||||
#
|
||||
# [*url*]
|
||||
# URL for connecting to the LDAP server. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user*]
|
||||
# User BindDN to query the LDAP server. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*password*]
|
||||
# Password for the BindDN to query the LDAP server. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*suffix*]
|
||||
# LDAP server suffix (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*query_scope*]
|
||||
# The LDAP scope for queries, this can be either "one"
|
||||
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*page_size*]
|
||||
# Maximum results per page; a value of zero ("0") disables paging. (integer value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_tree_dn*]
|
||||
# Search base for users. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_filter*]
|
||||
# LDAP search filter for users. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_objectclass*]
|
||||
# LDAP objectclass for users. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_id_attribute*]
|
||||
# LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_name_attribute*]
|
||||
# LDAP attribute mapped to user name. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_mail_attribute*]
|
||||
# LDAP attribute mapped to user email. (string value)
|
||||
#
|
||||
# [*user_enabled_attribute*]
|
||||
# LDAP attribute mapped to user enabled flag. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_enabled_mask*]
|
||||
# Bitmask integer to indicate the bit that the enabled value is stored in if
|
||||
# the LDAP server represents "enabled" as a bit on an integer rather than a
|
||||
# boolean. A value of "0" indicates the mask is not used. If this is not set
|
||||
# to "0" the typical value is "2". This is typically used when
|
||||
# "user_enabled_attribute = userAccountControl". (integer value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_enabled_default*]
|
||||
# Default value to enable users. This should match an appropriate int value
|
||||
# if the LDAP server uses non-boolean (bitmask) values to indicate if a user
|
||||
# is enabled or disabled. If this is not set to "True" the typical value is
|
||||
# "512". This is typically used when "user_enabled_attribute =
|
||||
# userAccountControl". (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_enabled_invert*]
|
||||
# Invert the meaning of the boolean enabled values. Some LDAP servers use a
|
||||
# boolean lock attribute where "true" means an account is disabled. Setting
|
||||
# "user_enabled_invert = true" will allow these lock attributes to be used.
|
||||
# This setting will have no effect if "user_enabled_mask" or
|
||||
# "user_enabled_emulation" settings are in use. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_attribute_ignore*]
|
||||
# List of attributes stripped off the user on update. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_default_project_id_attribute*]
|
||||
# LDAP attribute mapped to default_project_id for users. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_allow_create*]
|
||||
# Allow user creation in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_allow_update*]
|
||||
# Allow user updates in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_allow_delete*]
|
||||
# Allow user deletion in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_pass_attribute*]
|
||||
# LDAP attribute mapped to password. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_enabled_emulation*]
|
||||
# If true, Keystone uses an alternative method to determine if
|
||||
# a user is enabled or not by checking if they are a member of
|
||||
# the "user_enabled_emulation_dn" group. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_enabled_emulation_dn*]
|
||||
# DN of the group entry to hold enabled users when using enabled emulation.
|
||||
# (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*user_additional_attribute_mapping*]
|
||||
# List of additional LDAP attributes used for mapping
|
||||
# additional attribute mappings for users. Attribute mapping
|
||||
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
|
||||
# attribute in the LDAP entry and user_attr is the Identity
|
||||
# API attribute. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_tree_dn*]
|
||||
# Search base for projects (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_filter*]
|
||||
# LDAP search filter for projects. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_objectclass*]
|
||||
# LDAP objectclass for projects. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_id_attribute*]
|
||||
# LDAP attribute mapped to project id. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_member_attribute*]
|
||||
# LDAP attribute mapped to project membership for user. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_name_attribute*]
|
||||
# LDAP attribute mapped to project name. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_desc_attribute*]
|
||||
# LDAP attribute mapped to project description. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_enabled_attribute*]
|
||||
# LDAP attribute mapped to project enabled. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_domain_id_attribute*]
|
||||
# LDAP attribute mapped to project domain_id. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_attribute_ignore*]
|
||||
# List of attributes stripped off the project on update. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_allow_create*]
|
||||
# Allow project creation in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_allow_update*]
|
||||
# Allow project update in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_allow_delete*]
|
||||
# Allow project deletion in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_enabled_emulation*]
|
||||
# If true, Keystone uses an alternative method to determine if
|
||||
# a project is enabled or not by checking if they are a member
|
||||
# of the "project_enabled_emulation_dn" group. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_enabled_emulation_dn*]
|
||||
# DN of the group entry to hold enabled projects when using
|
||||
# enabled emulation. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*project_additional_attribute_mapping*]
|
||||
# Additional attribute mappings for projects. Attribute
|
||||
# mapping format is <ldap_attr>:<user_attr>, where ldap_attr
|
||||
# is the attribute in the LDAP entry and user_attr is the
|
||||
# Identity API attribute. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_tree_dn*]
|
||||
# Search base for roles. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_filter*]
|
||||
# LDAP search filter for roles. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_objectclass*]
|
||||
# LDAP objectclass for roles. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_id_attribute*]
|
||||
# LDAP attribute mapped to role id. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_name_attribute*]
|
||||
# LDAP attribute mapped to role name. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_member_attribute*]
|
||||
# LDAP attribute mapped to role membership. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_attribute_ignore*]
|
||||
# List of attributes stripped off the role on update. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_allow_create*]
|
||||
# Allow role creation in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_allow_update*]
|
||||
# Allow role update in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_allow_delete*]
|
||||
# Allow role deletion in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*role_additional_attribute_mapping*]
|
||||
# Additional attribute mappings for roles. Attribute mapping
|
||||
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
|
||||
# attribute in the LDAP entry and user_attr is the Identity
|
||||
# API attribute. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_tree_dn*]
|
||||
# Search base for groups. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_filter*]
|
||||
# LDAP search filter for groups. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_objectclass*]
|
||||
# LDAP objectclass for groups. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_id_attribute*]
|
||||
# LDAP attribute mapped to group id. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_name_attribute*]
|
||||
# LDAP attribute mapped to group name. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_member_attribute*]
|
||||
# LDAP attribute mapped to show group membership. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_desc_attribute*]
|
||||
# LDAP attribute mapped to group description. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_attribute_ignore*]
|
||||
# List of attributes stripped off the group on update. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_allow_create*]
|
||||
# Allow group creation in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_allow_update*]
|
||||
# Allow group update in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_allow_delete*]
|
||||
# Allow group deletion in LDAP backend. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*group_additional_attribute_mapping*]
|
||||
# Additional attribute mappings for groups. Attribute mapping
|
||||
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
|
||||
# attribute in the LDAP entry and user_attr is the Identity
|
||||
# API attribute. (list value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*use_tls*]
|
||||
# Enable TLS for communicating with LDAP servers. (boolean value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*tls_cacertfile*]
|
||||
# CA certificate file path for communicating with LDAP servers. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*tls_cacertdir*]
|
||||
# CA certificate directory path for communicating with LDAP servers. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*tls_req_cert*]
|
||||
# Valid options for tls_req_cert are demand, never, and allow. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*identity_driver*]
|
||||
# Identity backend driver. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*assignment_driver*]
|
||||
# Assignment backend driver. (string value)
|
||||
# Defaults to 'undef'
|
||||
#
|
||||
# [*use_pool*]
|
||||
# Enable LDAP connection pooling. (boolean value)
|
||||
# Defaults to false
|
||||
#
|
||||
# [*pool_size*]
|
||||
# Connection pool size. (integer value)
|
||||
# Defaults to '10'
|
||||
#
|
||||
# [*pool_retry_max*]
|
||||
# Maximum count of reconnect trials. (integer value)
|
||||
# Defaults to '3'
|
||||
#
|
||||
# [*pool_retry_delay*]
|
||||
# Time span in seconds to wait between two reconnect trials. (floating point value)
|
||||
# Defaults to '0.1'
|
||||
#
|
||||
# [*pool_connection_timeout*]
|
||||
# Connector timeout in seconds. Value -1 indicates indefinite wait for response. (integer value)
|
||||
# Defaults to '-1'
|
||||
#
|
||||
# [*pool_connection_lifetime*]
|
||||
# Connection lifetime in seconds. (integer value)
|
||||
# Defaults to '600'
|
||||
#
|
||||
# [*use_auth_pool*]
|
||||
# Enable LDAP connection pooling for end user authentication.
|
||||
# If use_pool is disabled, then this setting is meaningless and is not used at all. (boolean value)
|
||||
# Defaults to false
|
||||
#
|
||||
# [*auth_pool_size*]
|
||||
# End user auth connection pool size. (integer value)
|
||||
# Defaults to '100'
|
||||
#
|
||||
# [*auth_pool_connection_lifetime*]
|
||||
# End user auth connection lifetime in seconds. (integer value)
|
||||
# Defaults to '60'
|
||||
#
|
||||
# === DEPRECATED group/name
|
||||
#
|
||||
# [*tenant_tree_dn*]
|
||||
# [*tenant_filter*]
|
||||
# [*tenant_objectclass*]
|
||||
# [*tenant_id_attribute*]
|
||||
# [*tenant_member_attribute*]
|
||||
# [*tenant_name_attribute*]
|
||||
# [*tenant_desc_attribute*]
|
||||
# [*tenant_enabled_attribute*]
|
||||
# [*tenant_domain_id_attribute*]
|
||||
# [*tenant_attribute_ignore*]
|
||||
# [*tenant_allow_create*]
|
||||
# [*tenant_allow_update*]
|
||||
# [*tenant_enabled_emulation*]
|
||||
# [*tenant_enabled_emulation_dn*]
|
||||
# [*tenant_additional_attribute_mapping*]
|
||||
# [*tenant_allow_delete*]
|
||||
#
|
||||
# == Dependencies
|
||||
# == Examples
|
||||
# == Authors
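Review bot: The `[*tls_req_cert*]` entry lists `demand`, `never` and `allow` without saying what they do, which matters because this class also carries the bind `password`. Only `demand` requires a valid server certificate; `never` and `allow` let the session proceed without the certificate being verified. I would add `#   Use 'demand' to require a valid server certificate; 'never' and 'allow' do not enforce verification.` under it, and note on `[*use_tls*]` that the bind credentials travel unprotected when TLS is off and the URL is not ldaps. Two smaller gaps: `[*user_mail_attribute*]` has no `Defaults to` line unlike its neighbours, and the `tenant_*` names under `=== DEPRECATED group/name` have neither a description nor a named replacement (presumably the matching `project_*` parameters).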
|
||||
|
|
|
@ -1,6 +1,16 @@
|
|||
# == Class keystone::python
|
||||
#
|
||||
# installs client python libraries for keystone
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*client_package_name*]
|
||||
# (optional) The name of python keystone client package
|
||||
# Defaults to $keystone::params::client_package_name
|
||||
#
|
||||
# [*ensure*]
|
||||
# (optional) The state for the keystone client package
|
||||
# Defaults to 'present'
|
||||
#
|
||||
class keystone::python (
|
||||
$client_package_name = $keystone::params::client_package_name,
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# == Class: keystone::roles::admin
|
||||
#
|
||||
# This class implements some reasonable admin defaults for keystone.
|
||||
#
|
||||
|
@ -8,18 +9,49 @@
|
|||
# * admin role
|
||||
# * adds admin role to admin user on the "admin" tenant
|
||||
#
|
||||
# [*Parameters*]
|
||||
# === Parameters:
|
||||
#
|
||||
# [email] The email address for the admin. Required.
|
||||
# [password] The admin password. Required.
|
||||
# [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
|
||||
# [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
|
||||
# [admin] Admin user. Optional. Defaults to admin.
|
||||
# [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
|
||||
# [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
|
||||
# [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
|
||||
# [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
|
||||
# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
|
||||
# [*email*]
|
||||
# The email address for the admin. Required.
|
||||
#
|
||||
# [*password*]
|
||||
# The admin password. Required.
|
||||
#
|
||||
# [*admin_roles*]
|
||||
# The list of the roles with admin privileges. Optional.
|
||||
# Defaults to ['admin'].
|
||||
#
|
||||
# [*admin_tenant*]
|
||||
# The name of the tenant to be used for admin privileges. Optional.
|
||||
# Defaults to openstack.
|
||||
#
|
||||
# [*service_tenant*]
|
||||
# The name of service keystone tenant. Optional.
|
||||
# Defaults to 'services'.
|
||||
#
|
||||
# [*admin*]
|
||||
# Admin user. Optional.
|
||||
# Defaults to admin.
|
||||
#
|
||||
# [*ignore_default_tenant*]
|
||||
# Ignore setting the default tenant value when the user is created. Optional.
|
||||
# Defaults to false.
|
||||
#
|
||||
# [*admin_tenant_desc*]
|
||||
# Optional. Description for admin tenant,
|
||||
# Defaults to 'admin tenant'
|
||||
#
|
||||
# [*service_tenant_desc*]
|
||||
# Optional. Description for admin tenant,
|
||||
# Defaults to 'Tenant for the openstack services'
|
||||
#
|
||||
# [*configure_user*]
|
||||
# Optional. Should the admin user be created?
|
||||
# Defaults to 'true'.
|
||||
#
|
||||
# [*configure_user_role*]
|
||||
# Optional. Should the admin role be configured for the admin user?
|
||||
# Defaulst to 'true'.
|
||||
#
|
||||
# == Dependencies
|
||||
# == Examples
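Review bot: `[*service_tenant_desc*]` is documented as `Optional. Description for admin tenant,`, the same text as `[*admin_tenant_desc*]` directly above it; given its default of 'Tenant for the openstack services' it presumably describes the service tenant, and the mistake looks carried over from the old one-line form. Suggested wording: `#   Optional. Description for the service tenant.` The reformatted `[*configure_user_role*]` entry also keeps the `Defaulst` typo. `[*password*]` could note that the value is the admin credential and should not be committed to the manifest in plain text.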
|
||||
|
|
|
@ -33,8 +33,7 @@
|
|||
# Defaults to $::keystone::params::service_provider
|
||||
#
|
||||
# [*validate*]
|
||||
# (optional) Whether to validate the service is working
|
||||
# after any service refreshes
|
||||
# (optional) Whether to validate the service is working after any service refreshes
|
||||
# Defaults to false
|
||||
#
|
||||
# [*admin_token*]
|
||||
|
|
|
@ -46,15 +46,41 @@
|
|||
# Optional. Defaults to 1
|
||||
#
|
||||
# [*ssl_cert*]
|
||||
# (optional) Path to SSL certificate
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_key*]
|
||||
# (optional) Path to SSL key
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_chain*]
|
||||
# (optional) SSL chain
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_ca*]
|
||||
# (optional) Path to SSL certificate authority
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_crl_path*]
|
||||
# (optional) Path to SSL certificate revocation list
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_crl*]
|
||||
# (optional) SSL certificate revocation list name
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_certs_dir*]
|
||||
# apache::vhost ssl parameters.
|
||||
# Optional. Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*priority*]
|
||||
# (optional) The priority for the vhost.
|
||||
# Defaults to '10'
|
||||
#
|
||||
# [*threads*]
|
||||
# (optional) The number of threads for the vhost.
|
||||
# Defaults to $::processorcount
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# requires Class['apache'] & Class['keystone']
|
||||
|
|