ebb2450ce5
This patch implements the class to configure Keystone as a Service Provider. It covers only Keystone as SP for K2K (Protocol is SAML and module is Shibboleth) On Debian based systems: 1- Configure keystone.conf 2- Install Shibboleth 3- Reconfigure the selected Keystone VirtualHost on Apache. On RedHat based systems: 1- Configure keystone.conf 2- Reconfigure the selected Keystone VirtualHost on Apache. Note: Step 2 will only execute if the user have add the extra repository or installed shibboleth. (About the extra repository, see: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRPMInstall) Implements: blueprint enabling-federation Change-Id: I32a1487c7674605124e6d0b182fe38ea4b58de87
73 lines
2.3 KiB
Puppet
73 lines
2.3 KiB
Puppet
# Example to configure Keystone as Service Provider for
|
|
# K2K Federation.
|
|
#
|
|
# To be sure everything is working, run:
|
|
# $ export OS_USERNAME=admin
|
|
# $ export OS_PASSWORD=ChangeMe
|
|
# $ export OS_TENANT_NAME=openstack
|
|
# $ export OS_AUTH_URL=http://keystone.local/keystone/main/v2.0
|
|
# $ keystone catalog
|
|
# Service: identity
|
|
# +-------------+----------------------------------------------+
|
|
# | Property | Value |
|
|
# +-------------+----------------------------------------------+
|
|
# | adminURL | http://keystone.local:80/keystone/admin/v2.0 |
|
|
# | id | 4f0f55f6789d4c73a53c51f991559b72 |
|
|
# | internalURL | http://keystone.local:80/keystone/main/v2.0 |
|
|
# | publicURL | http://keystone.local:80/keystone/main/v2.0 |
|
|
# | region | RegionOne |
|
|
# +-------------+----------------------------------------------+
|
|
#
|
|
|
|
Exec { logoutput => 'on_failure' }
|
|
|
|
# Note: The yumrepo part is only necessary if you are using RedHat.
|
|
# Yumrepo begin
|
|
yumrepo { 'shibboleth':
|
|
name => 'Shibboleth',
|
|
baseurl => 'http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/',
|
|
descr => 'Shibboleth repo for RedHat',
|
|
gpgcheck => 1,
|
|
gpgkey => 'http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key',
|
|
enabled => 1,
|
|
require => Anchor['openstack_extras_redhat']
|
|
}
|
|
|
|
Yumrepo['shibboleth'] -> Class['::keystone::federation::shibboleth']
|
|
# Yumrepo end
|
|
|
|
class { '::mysql::server': }
|
|
class { '::keystone::db::mysql':
|
|
password => 'keystone',
|
|
}
|
|
|
|
class { '::keystone':
|
|
verbose => true,
|
|
debug => true,
|
|
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
|
|
catalog_type => 'sql',
|
|
admin_token => 'admin_token',
|
|
enabled => false,
|
|
}
|
|
|
|
class { '::keystone::roles::admin':
|
|
email => 'test@puppetlabs.com',
|
|
password => 'ChangeMe',
|
|
}
|
|
|
|
class { '::keystone::endpoint':
|
|
public_url => "https://${::fqdn}:5000/",
|
|
admin_url => "https://${::fqdn}:35357/",
|
|
}
|
|
|
|
keystone_config { 'ssl/enable': value => true }
|
|
|
|
include ::apache
|
|
class { '::keystone::wsgi::apache':
|
|
ssl => true
|
|
}
|
|
|
|
class { '::keystone::federation::shibboleth':
|
|
methods => 'password, token, oauth1, saml2',
|
|
}
|