135 lines
3.5 KiB
Puppet
135 lines
3.5 KiB
Puppet
# == Class keystone::service
|
|
#
|
|
# Encapsulates the keystone service to a class.
|
|
# This allows resources that require keystone to
|
|
# require this class, which can optionally
|
|
# validate that the service can actually accept
|
|
# connections.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*ensure*]
|
|
# (optional) The desired state of the keystone service
|
|
# Defaults to undef
|
|
#
|
|
# [*service_name*]
|
|
# (optional) The name of the keystone service
|
|
# Defaults to $::keystone::params::service_name
|
|
#
|
|
# [*enable*]
|
|
# (optional) Whether to enable the keystone service
|
|
# Defaults to true
|
|
#
|
|
# [*hasstatus*]
|
|
# (optional) Whether the keystone service has status
|
|
# Defaults to true
|
|
#
|
|
# [*hasrestart*]
|
|
# (optional) Whether the keystone service has restart
|
|
# Defaults to true
|
|
#
|
|
# [*validate*]
|
|
# (optional) Whether to validate the service is working after any service refreshes
|
|
# Defaults to false
|
|
#
|
|
# [*admin_token*]
|
|
# (optional) The admin token to use for validation
|
|
# Defaults to undef
|
|
#
|
|
# [*admin_endpoint*]
|
|
# (optional) The admin endpont to use for validation
|
|
# Defaults to 'http://localhost:5000/v2.0'
|
|
#
|
|
# [*retries*]
|
|
# (optional) Number of times to retry validation
|
|
# Defaults to 10
|
|
#
|
|
# [*delay*]
|
|
# (optional) Number of seconds between validation attempts
|
|
# Defaults to 2
|
|
#
|
|
# [*insecure*]
|
|
# (optional) Whether to validate keystone connections
|
|
# using the --insecure option with keystone client.
|
|
# Defaults to false
|
|
#
|
|
# [*cacert*]
|
|
# (optional) Whether to validate keystone connections
|
|
# using the specified argument with the --os-cacert option
|
|
# with keystone client.
|
|
# Defaults to undef
|
|
#
|
|
class keystone::service(
|
|
$ensure = undef,
|
|
$service_name = $::keystone::params::service_name,
|
|
$enable = true,
|
|
$hasstatus = true,
|
|
$hasrestart = true,
|
|
$validate = false,
|
|
$admin_token = undef,
|
|
$admin_endpoint = 'http://localhost:5000/v2.0',
|
|
$retries = 10,
|
|
$delay = 2,
|
|
$insecure = false,
|
|
$cacert = undef,
|
|
) {
|
|
|
|
include ::keystone::deps
|
|
include ::keystone::params
|
|
|
|
if ($service_name == 'keystone-public-keystone-admin'){
|
|
service { 'keystone-public':
|
|
ensure => $ensure,
|
|
name => 'keystone-public',
|
|
enable => $enable,
|
|
hasstatus => $hasstatus,
|
|
hasrestart => $hasrestart,
|
|
tag => 'keystone-service',
|
|
}
|
|
service { 'keystone-admin':
|
|
ensure => $ensure,
|
|
name => 'keystone-admin',
|
|
enable => $enable,
|
|
hasstatus => $hasstatus,
|
|
hasrestart => $hasrestart,
|
|
tag => 'keystone-service',
|
|
}
|
|
} else {
|
|
service { 'keystone':
|
|
ensure => $ensure,
|
|
name => $service_name,
|
|
enable => $enable,
|
|
hasstatus => $hasstatus,
|
|
hasrestart => $hasrestart,
|
|
tag => 'keystone-service',
|
|
}
|
|
}
|
|
|
|
if $insecure {
|
|
$insecure_s = '--insecure'
|
|
} else {
|
|
$insecure_s = ''
|
|
}
|
|
|
|
if $cacert {
|
|
$cacert_s = "--os-cacert ${cacert}"
|
|
} else {
|
|
$cacert_s = ''
|
|
}
|
|
|
|
if $validate and $admin_token and $admin_endpoint {
|
|
$cmd = "openstack --os-auth-url ${admin_endpoint} --os-token ${admin_token} ${insecure_s} ${cacert_s} user list"
|
|
$catch = 'name'
|
|
exec { 'validate_keystone_connection':
|
|
path => '/usr/bin:/bin:/usr/sbin:/sbin',
|
|
provider => shell,
|
|
command => $cmd,
|
|
subscribe => Service['keystone'],
|
|
refreshonly => true,
|
|
tries => $retries,
|
|
try_sleep => $delay,
|
|
notify => Anchor['keystone::service::end'],
|
|
}
|
|
}
|
|
}
|