7faad823d1
Is used to configure the trust/trustee_keystone_region_name configuration option. Change-Id: Id27849c76e4d970810b122ef478e333e82c0d495
131 lines
3.9 KiB
Puppet
131 lines
3.9 KiB
Puppet
# == Class: magnum::keystone::domain
|
|
#
|
|
# Configures magnum domain in Keystone.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*cluster_user_trust*]
|
|
# enable creation of a user trust for clusters.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*domain_name*]
|
|
# magnum domain name.
|
|
# Defaults to 'magnum'.
|
|
#
|
|
# [*domain_id*]
|
|
# id of the domain to create trustee for clusters.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*domain_admin*]
|
|
# Keystone domain admin user which will be created.
|
|
# Defaults to 'magnum_admin'.
|
|
#
|
|
# [*domain_admin_id*]
|
|
# Id of the admin with roles sufficient to manage users in the trustee_domain.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*domain_admin_domain_name*]
|
|
# Name of the domain admin user's domain.
|
|
# Defaults to $domain_name.
|
|
#
|
|
# [*domain_admin_domain_id*]
|
|
# Id of the domain admin user's domain.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*domain_admin_email*]
|
|
# Keystone domain admin user email address.
|
|
# Defaults to 'magnum_admin@localhost'.
|
|
#
|
|
# [*domain_password*]
|
|
# Keystone domain admin user password.
|
|
# Defaults to 'changeme'.
|
|
#
|
|
# [*roles*]
|
|
# The roles which are delegated to the trustee by the trustor.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*keystone_interface*]
|
|
# Auth interface used by instances/trustee.
|
|
# Defaults to 'public'.
|
|
#
|
|
# [*keystone_region_name*]
|
|
# Region in Identity service catalog to use for
|
|
# communication with the OpenStack service.
|
|
# Defaults to $::os_service_default.
|
|
#
|
|
# [*manage_domain*]
|
|
# Whether manage or not the domain creation.
|
|
# If using the default domain, it needs to be False because puppet-keystone
|
|
# can already manage it.
|
|
# Defaults to 'true'.
|
|
#
|
|
# [*manage_user*]
|
|
# Whether manage or not the user creation.
|
|
# Defaults to 'true'.
|
|
#
|
|
# [*manage_role*]
|
|
# Whether manage or not the user role creation.
|
|
# Defaults to 'true'.
|
|
#
|
|
class magnum::keystone::domain (
|
|
$cluster_user_trust = $::os_service_default,
|
|
$domain_name = 'magnum',
|
|
$domain_id = $::os_service_default,
|
|
$domain_admin = 'magnum_admin',
|
|
$domain_admin_id = $::os_service_default,
|
|
$domain_admin_email = 'magnum_admin@localhost',
|
|
$domain_password = 'changeme',
|
|
$domain_admin_domain_name = $::os_service_default,
|
|
$domain_admin_domain_id = $::os_service_default,
|
|
$roles = $::os_service_default,
|
|
$keystone_interface = 'public',
|
|
$keystone_region_name = $::os_service_default,
|
|
$manage_domain = true,
|
|
$manage_user = true,
|
|
$manage_role = true,
|
|
) {
|
|
|
|
include magnum::deps
|
|
include magnum::params
|
|
|
|
if $manage_domain {
|
|
ensure_resource('keystone_domain', $domain_name, {
|
|
'ensure' => 'present',
|
|
'enabled' => true,
|
|
}
|
|
)
|
|
}
|
|
|
|
if $manage_user {
|
|
ensure_resource('keystone_user', "${domain_admin}::${domain_name}", {
|
|
'ensure' => 'present',
|
|
'enabled' => true,
|
|
'email' => $domain_admin_email,
|
|
'password' => $domain_password,
|
|
}
|
|
)
|
|
}
|
|
|
|
if $manage_role {
|
|
ensure_resource('keystone_user_role', "${domain_admin}::${domain_name}@::${domain_name}", {
|
|
'roles' => ['admin'],
|
|
}
|
|
)
|
|
}
|
|
|
|
magnum_config {
|
|
'trust/cluster_user_trust': value => $cluster_user_trust;
|
|
'trust/trustee_domain_name': value => $domain_name;
|
|
'trust/trustee_domain_id': value => $domain_id;
|
|
'trust/trustee_domain_admin_name': value => $domain_admin;
|
|
'trust/trustee_domain_admin_id': value => $domain_admin_id;
|
|
'trust/trustee_domain_admin_domain_name': value => $domain_admin_domain_name;
|
|
'trust/trustee_domain_admin_domain_id': value => $domain_admin_domain_id;
|
|
'trust/trustee_domain_admin_password': value => $domain_password, secret => true;
|
|
'trust/roles': value => $roles;
|
|
'trust/trustee_keystone_interface': value => $keystone_interface;
|
|
'trust/trustee_keystone_region_name': value => $keystone_region_name;
|
|
}
|
|
|
|
}
|