07f19bd38a
Implements blueprint keystone-domain-configuration. Adds a provider able to configure multiple domains and two parameters in the keystone class to set up a working multi-domain configuration. The keystone_config type has been refactored into a mixin to be shared by keystone_config and keystone_domain_config. The provider, even though it inherits from openstack_config (and not keystone_config, because it hard-codes the path), has required more new code. The problem is that we have several configuration files to work with (one per domain), which is unusual. The self.prefetch method is required to check the current catalog. If it is changing Keystone_config[identity/domain_config_dir], we take it directly into account without the need for another run. The Keystone_config[identity/domain_config_dir] configuration and the associated directory are autorequired. Change-Id: I5e4b298460ee592640af59ac9dcbefa3daf98098
# Example of a Keystone v3 domain configuration. It sets up the directory
# that holds the per-domain configuration files and adjusts keystone to use it.
# For the rest of the configuration, see v3_basic.pp.
#
# Every password, token and address below is a literal sample value written
# straight into the manifest. Outside a lab, supply the secrets from an
# encrypted data source instead of the manifest text.

Exec { logoutput => 'on_failure' }

class { '::mysql::server': }

class { '::keystone::db::mysql':
  # Sample database password; it is repeated inside database_connection below.
  password => 'keystone',
}

class { '::keystone':
  # verbose and debug are both switched on for the example.
  verbose             => true,
  debug               => true,
  # The connection string embeds the database user's password.
  database_connection => 'mysql://keystone:keystone@192.168.1.1/keystone',
  # Static bootstrap token with a guessable sample value; anyone who knows it
  # can act as a Keystone administrator.
  admin_token         => 'admin_token',
  enabled             => true,
  # Turns on domain-specific configuration at the keystone level.
  using_domain_config => true,
}

class { '::keystone::roles::admin':
  email    => 'test@example.tld',
  # Sample admin password.
  password => 'a_big_secret',
}

# Both endpoints are plain http://, so tokens and passwords sent to them
# travel unencrypted.
class { '::keystone::endpoint':
  public_url => 'http://192.168.1.1:5000/',
  admin_url  => 'http://192.168.1.1:35357/',
}

# Creates the /etc/keystone/domains/keystone.my_domain.conf file and
# notifies the keystone service.
#
# The URL uses the ldap:// scheme, so the bind password crosses the network in
# clear text unless TLS is enabled for the connection (ldaps:// or StartTLS).
# The generated file also stores the bind password; its ownership and mode are
# not set in this manifest.
# NOTE(review): keystone_config accepts `secret => true` to keep a value out
# of Puppet's logs; confirm keystone_domain_config supports it before adding
# it to the ldap/password entry.
keystone_domain_config {
  'my_domain::ldap/url':
    value => 'ldap://ldapservice.my_org.com';
  'my_domain::ldap/user':
    value => 'cn=Manager,dc=openstack,dc=org';
  'my_domain::ldap/password':
    value => 'mysecret';
  'my_domain::ldap/suffix':
    value => 'dc=openstack,dc=org';
  'my_domain::ldap/group_tree_dn':
    value => 'ou=UserGroups,dc=openstack,dc=org';
  'my_domain::ldap/user_tree_dn':
    value => 'ou=Users,dc=openstack,dc=org';
  'my_domain::ldap/user_mail_attribute':
    value => 'mail';
}