openstack/puppet-nova
Code Issues Proposed changes
Files
3453611d08ca802e6d18fefab450aee0e427fda9
puppet-nova/manifests/key_manager/barbican.pp
Takashi Kajinami 3453611d08 key_manager: Add service user options for Barbican key manager 
This change introduces some parameters to set up the service user token
feature for Barbican key manager, which was implemented during the Xena
cycle[1].

[1] 162039467ad0dfc5e25a16b75d9072d607690702

Depends-on: https://review.opendev.org/810451
Change-Id: I217e20e3d10fecffd3fb8654f047a7e285331723
2022-01-07 08:29:18 +09:00

74 lines
2.5 KiB
Puppet
Raw Blame History

# == Class: nova::key_manager::barbican
#
# Setup and configure Barbican Key Manager options
#
# === Parameters
#
# [*barbican_endpoint*]
# (Optional) Use this endpoint to connect to Barbican.
# Defaults to $::os_service_default
#
# [*barbican_api_version*]
# (Optional) Version of the Barbican API.
# Defaults to $::os_service_default
#
# [*auth_endpoint*]
# (Optional) Use this endpoint to connect to Keystone.
# Defaults to $::os_service_default
#
# [*retry_delay*]
# (Optional) Number of seconds to wait before retrying poll for key creation
# completion.
# Defaults to $::os_service_default
#
# [*number_of_retries*]
# (Optional) Number of times to retry poll fo key creation completion.
# Defaults to $::os_service_default
#
# [*barbican_endpoint_type*]
# (Optional) Specifies the type of endpoint.
# Defaults to $::os_service_default
#
# [*barbican_region_name*]
# (Optional) Specifies the region of the chosen endpoint.
# Defaults to $::os_service_default
#
# [*send_service_user_token*]
# (Optional) The service uses service token feature when this is set as true.
# Defaults to $::os_service_default
#
class nova::key_manager::barbican (
$barbican_endpoint = $::os_service_default,
$barbican_api_version = $::os_service_default,
$auth_endpoint = $::os_service_default,
$retry_delay = $::os_service_default,
$number_of_retries = $::os_service_default,
$barbican_endpoint_type = $::os_service_default,
$barbican_region_name = $::os_service_default,
$send_service_user_token = $::os_service_default,
) {
include nova::deps
$barbican_endpoint_real = pick($nova::compute::barbican_endpoint, $barbican_endpoint)
$auth_endpoint_real = pick($nova::compute::barbican_auth_endpoint, $auth_endpoint)
$barbican_api_version_real = pick($nova::compute::barbican_api_version, $barbican_api_version)
# cryptsetup is required when Barbican is encrypting volumes
ensure_packages('cryptsetup', {
ensure => present,
tag => 'openstack',
})
oslo::key_manager::barbican { 'nova_config':
barbican_endpoint => $barbican_endpoint_real,
barbican_api_version => $barbican_api_version_real,
auth_endpoint => $auth_endpoint_real,
retry_delay => $retry_delay,
number_of_retries => $number_of_retries,
barbican_endpoint_type => $barbican_endpoint_type,
barbican_region_name => $barbican_region_name,
send_service_user_token => $send_service_user_token,
}
}
View Git Blame Copy Permalink