OpenStack Keystone Puppet Module
Dan Bode 85639708a6 level up keystone testing script
This fixes some issues with the previous keystone
test script.

1. conditionally requires rubygems in case that is how
puppet is installed
2. installs curl if not installed
3. performs way more queries. so that this can serve as
a reminder to me about how to play with the keystone apis.
2013-01-11 16:01:48 -08:00
examples edit example manifest 2012-10-31 15:00:44 -07:00
ext level up keystone testing script 2013-01-11 16:01:48 -08:00
lib/puppet Added rescue for users whose primary tenant is nonexistent 2012-12-11 21:12:57 -08:00
manifests Adding the ability to specify https for the public endpoint 2012-11-21 22:57:52 +00:00
spec Move keystone ldap class to correct file. 2012-11-06 14:54:08 -08:00
templates/client remove more unused files 2012-10-23 15:32:39 -07:00
.fixtures.yml Add create_resource as a dep 2012-10-26 12:06:08 -07:00
.gemfile Update module for the puppetlabs_spec_helper gem 2012-05-31 16:55:33 -07:00
.gitignore added pkg to .gitignore 2012-11-02 12:28:28 -07:00
.travis.yml Add travis file 2012-10-23 11:41:43 -07:00
CHANGELOG update changelog for 1.0.1 release 2012-11-02 12:33:18 -07:00
LICENSE Added explicit license 2012-08-23 15:00:52 -07:00
Modulefile Release 1.0.1 2012-11-02 12:29:58 -07:00
Rakefile Update module for the puppetlabs_spec_helper gem 2012-05-31 16:55:33 -07:00
README.md Update README.md 2013-01-02 11:58:46 -08:00

Overview

Keystone is the Identity service for OpenStack.

This module contains classes and native types that install and configure keystone.

This version of the module is targeted at Folsom. The Essex version of this module can be found in the essex branch.

Tested use cases

This module has mainly been tested against Ubuntu Precise and RHEL 6.

It has currently only been tested as a single-node installation of keystone.

Dependencies:

This module has relatively few dependencies:

If using MySQL as a backend:

https://github.com/puppetlabs/puppetlabs-mysql

Usage

class keystone

The keystone class sets up the basic configuration for the keystone service.

For example:

class { 'keystone':
  admin_token => 'my_secret_token',
  verbose     => 'True',
}

setting up a keystone mysql db

A keystone mysql database can be configured separately from the service.

If you need to install a mysql database server, you can use the mysql::server class from the puppetlabs mysql module.

# check out the mysql module's README to learn more about
# how to more appropriately configure a server
# http://forge.puppetlabs.com/puppetlabs/mysql
class { 'mysql::server': }

class { 'keystone::mysql':
  dbname   => 'keystone',
  user     => 'keystone',
  password => 'keystone_password',
}

setting up a keystone postgresql db

A keystone postgresql database can be configured separately from the service instead of mysql.

Use the Puppet Labs postgresql module to install postgresql: http://forge.puppetlabs.com/puppetlabs/postgresql

class { 'postgresql::server': }

class { 'keystone::postgresql':
    dbname   => 'keystone',
    user     => 'keystone',
    password => 'keystone_password',
}

Install keystone role

The following class adds admin credentials to keystone.

class { 'keystone::roles::admin':
  email        => 'you@your_domain.com',
  password     => 'password',
  admin_tenant => 'admin_tenant',
}

Install service user and endpoint

The following class installs the keystone service user and endpoints.

class { 'keystone::endpoint':
  public_address   => '212.234.21.4',
  admin_address    => '10.0.0.4',
  internal_address => '11.0.1.4',
  region           => 'RegionTwo',
}

Examples

Examples can be found in the examples directory of this module. The node keystone_mysql is the most common deployment style.

The keystone deployment description that I use for testing can be found here:

https://github.com/puppetlabs/puppetlabs-openstack_dev_env/tree/master/manifests

Native Types

The Puppet support for keystone also includes native types that can be used to manage the following keystone objects:

- keystone_tenant
- keystone_user
- keystone_role
- keystone_user_role
- keystone_service
- keystone_endpoint

These types will only work on the keystone server (and they read keystone.conf to figure out the admin port and admin token, which is kind of hacky, but the best way I could think of.)

- keystone_config - manages individual config file entries as resources.

examples

keystone_tenant { 'openstack':
  ensure  => present,
  enabled => 'True',
}
keystone_user { 'openstack':
  ensure  => present,
  enabled => 'True'
}
keystone_role { 'admin':
  ensure => present,
}
keystone_user_role { 'admin@openstack':
  roles => ['admin', 'superawesomedude'],
  ensure => present
}

The keystone_config native type allows you to arbitrarily modify any config line from any scope in Puppet.

keystone_config { 'ssl/enable':
  value => 'True',
}
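
An added example (not part of this module or its README): because the native types read the admin token from keystone.conf, a short Python audit of the rendered file can flag the placeholder values shown in this README, a disabled ssl/enable and loose file permissions. The [sql] connection key, the 32-character minimum and the sample input are assumptions made for the example.

```python
import configparser
import stat
from urllib.parse import urlsplit

# Values copied from documentation; "ADMIN" is the default in keystone's sample config.
PLACEHOLDERS = {"ADMIN", "my_secret_token", "keystone_password", "password"}

def audit_keystone_conf(text, mode=None, min_token_len=32):
    """Return findings for a keystone.conf passed as text (mode: optional st_mode)."""
    cp = configparser.RawConfigParser(strict=False)  # Raw: no % interpolation in URLs
    cp.read_string(text)
    findings = []

    token = cp.defaults().get("admin_token", "")  # [DEFAULT] admin_token
    if not token:
        findings.append("admin_token: not set")
    elif token in PLACEHOLDERS:
        findings.append("admin_token: documentation placeholder or default")
    elif len(token) < min_token_len:
        findings.append("admin_token: shorter than %d characters" % min_token_len)

    # The entry managed by keystone_config { 'ssl/enable': ... }
    if cp.get("ssl", "enable", fallback="False").strip().lower() != "true":
        findings.append("ssl/enable: not True")

    # Assumption: the database URL is stored as [sql] connection.
    db_password = urlsplit(cp.get("sql", "connection", fallback="")).password
    if db_password in PLACEHOLDERS:
        findings.append("sql/connection: placeholder database password")

    # The file holds the admin token, so it should not be accessible to "other".
    if mode is not None and stat.S_IMODE(mode) & 0o007:
        findings.append("file mode: accessible to other users")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
[DEFAULT]
admin_token = my_secret_token
verbose = True

[sql]
connection = mysql://keystone:keystone_password@127.0.0.1/keystone
"""

if __name__ == "__main__":
    for finding in audit_keystone_conf(SAMPLE, mode=0o100644):
        print(finding)
```

On a keystone server, pass the file's contents and `os.stat(path).st_mode` to `audit_keystone_conf`; an empty list means none of the checks fired.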

puppet resource

These native types also allow for some interesting introspection using puppet resource.

To list all of the objects of a certain type in the keystone database, you can run:

puppet resource <type>

For example, the following command lists all keystone tenants when run on the keystone server:

puppet resource keystone_tenant