puppet-keystone/examples/v3_basic.pp
Rich Megginson 11a4ca443e support for keystone v3 api - examples
This patch implements these parts of the blueprint:

1) Adds an example of a manifest that uses domains.
   Adds an example of how to test that v3 authentication is working using
   ruby and curl.

Change-Id: I1354c6aeb0f4c25daadc3b7e04bbe4b067f11e03
Implements: blueprint api-v3-support
2015-07-09 16:36:30 +00:00

48 lines
1.7 KiB
Puppet

# Example using v3 domains. The admin user is created in the domain
# named 'admin_domain', and assigned the role 'admin' in the 'admin'
# project in the domain 'admin_domain'. The keystone service account is
# created in default domain, and assigned the
# role 'admin' in the project 'services' in the default domain.
# NOTE: Until all of the other services support using Keystone v3
# with keystone_authtoken middleware that supports v3, they cannot
# specify a domain for authentication, and so have to be in the
# default domain.
#
# To be sure everything is working, run:
# $ export OS_IDENTITY_API_VERSION=3
# $ export OS_USERNAME=admin
# $ export OS_USER_DOMAIN_NAME=admin_domain
# $ export OS_PASSWORD=ChangeMe
# $ export OS_PROJECT_NAME=admin
# $ export OS_PROJECT_DOMAIN_NAME=admin_domain
# $ export OS_AUTH_URL=http://keystone.local:35357/v3
# $ openstack user list
#
Exec { logoutput => 'on_failure' }
class { '::mysql::server': }
class { '::keystone::db::mysql':
password => 'keystone',
}
class { '::keystone':
verbose => true,
debug => true,
database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'admin_token',
enabled => true,
}
class { '::keystone::roles::admin':
email => 'test@example.tld',
password => 'a_big_secret',
admin => 'admin', # username
admin_tenant => 'admin', # project name
admin_user_domain => 'admin', # domain for user
admin_tenant_domain => 'admin', # domain for project
}
class { '::keystone::endpoint':
public_url => 'http://127.0.0.1:5000/',
admin_url => 'http://127.0.0.1:35357/',
}