openstack/puppet-openstack-integration
Code Issues Proposed changes

scenario003: deploy keystone with fernet tokens

Browse Source 
On Scenario003, deploy keystone with fernet tokens, to improve testing
coverage and test out-of-the-box deployment.
On other scenarios, deploy uuid by default.

Change-Id: Id84982fc2a3843e4b413c6f3112e70fd2f749b9b
This commit is contained in:
Emilien Macchi 2016-04-13 15:17:05 -04:00
parent 50dd41cd8d
commit 25eab2769a
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -36,6 +36,7 @@ scenario](#All-In-One).
| ssl | yes | yes | yes | no | | ssl | yes | yes | yes | no |
| ipv6 | centos7 | centos7 | centos7 | no | | ipv6 | centos7 | centos7 | centos7 | no |
| keystone | X | X | X | X | | keystone | X | X | X | X |
| tokens | uuid | uuid | fernet | uuid |
| glance | rbd | swift | file | file | | glance | rbd | swift | file | file |
| nova | rbd | X | X | X | | nova | rbd | X | X | X |
| neutron | ovs | ovs | linuxbridge | ovs | | neutron | ovs | ovs | linuxbridge | ovs |

4
fixtures/scenario003.pp
View File

@ -38,7 +38,9 @@ class { '::openstack_integration::config':
include ::openstack_integration::cacert include ::openstack_integration::cacert
include ::openstack_integration::rabbitmq include ::openstack_integration::rabbitmq
include ::openstack_integration::mysql include ::openstack_integration::mysql
include ::openstack_integration::keystone class { '::openstack_integration::keystone':
token_provider => 'fernet',
}
include ::openstack_integration::glance include ::openstack_integration::glance
class { '::openstack_integration::neutron': class { '::openstack_integration::neutron':
driver => 'linuxbridge', driver => 'linuxbridge',

13
manifests/keystone.pp
View File

@ -11,9 +11,14 @@
# and the associated configuration in keystone.conf is set up right. # and the associated configuration in keystone.conf is set up right.
# Defaults to false # Defaults to false
# #
# [*token_provider*]
# (optional) Define the token provider to use.
# Default to 'uuid'.
#
class openstack_integration::keystone ( class openstack_integration::keystone (
$default_domain = undef, $default_domain = undef,
$using_domain_config = false, $using_domain_config = false,
$token_provider = 'uuid',
) { ) {
include ::openstack_integration::config include ::openstack_integration::config
@ -27,6 +32,12 @@ class openstack_integration::keystone (
Exec['update-ca-certificates'] ~> Service['httpd'] Exec['update-ca-certificates'] ~> Service['httpd']
} }
if $token_provider == 'fernet' {
$enable_fernet_setup = true
} else {
$enable_fernet_setup = false
}
class { '::keystone::client': } class { '::keystone::client': }
class { '::keystone::cron::token_flush': } class { '::keystone::cron::token_flush': }
class { '::keystone::db::mysql': class { '::keystone::db::mysql':
@ -45,6 +56,8 @@ class openstack_integration::keystone (
public_bind_host => $::openstack_integration::config::host, public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host, admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true, manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
} }
include ::apache include ::apache
class { '::keystone::wsgi::apache': class { '::keystone::wsgi::apache':