openstack/puppet-swift
Code Issues Proposed changes
Files
c659733d39c1c3e4739db272645d80e7985e8883
puppet-swift/manifests/proxy/authtoken.pp
Adam Vinsh c659733d39 Add hooks for external install & svc management 
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.

Change-Id: I00cf4846bb933291469be94c9debed425eddf798
2016-05-25 08:52:47 -04:00

132 lines
4.0 KiB
Puppet
Raw Blame History

#
# This class can be used to manage keystone's authtoken middleware
# for swift proxy
#
# == Parameters
#
# [*admin_token*]
# Keystone admin token that can serve as a shared secret
# for authenticating. If this is choosen if is used instead of a user,tenant,password.
# Optional. Defaults to false.
#
# [*admin_user*]
# User used to authenticate service.
# Optional. Defaults to 'swift'.
#
# [*admin_tenant_name*]
# Tenant used to authenticate service.
# Optional. Defaults to 'services'.
#
# [*admin_password*]
# Password used with user to authenticate service.
# Optional. Defaults to 'password'.
#
# [*delay_auth_decision*]
# Set to 1 to support token-less access (anonymous access, tempurl, ...)
# Optional, Defaults to 0
#
# [*auth_host*]
# Host providing the keystone service API endpoint. Optional.
# Defaults to 127.0.0.1
#
# [*auth_port*]
# Port where keystone service is listening. Optional.
# Defaults to 3557.
#
# [*auth_protocol*]
# Protocol to use to communicate with keystone. Optional.
# Defaults to https.
#
# [*auth_admin_prefix*]
# Path part of the auth url. Optional.
# This allows admin auth URIs like http://host/keystone/admin/v2.0.
# Defaults to false for empty. It defined, should be a string with a leading '/' and no trailing '/'.
#
# [*auth_uri*]
# The public auth url to redirect unauthenticated requests.
# Defaults to false to be expanded to '${auth_protocol}://${auth_host}:5000'.
# Should be set to your public keystone endpoint (without version).
#
# [*identity_uri*]
# identity_uri points to the Keystone Admin service. This information is
# used by the middleware to actually query Keystone about the validity of the
# authentication tokens. It is not necessary to append any Keystone API version
# number to this URI.
# Defaults to false.
#
# [*signing_dir*]
# The cache directory for signing certificates.
# Defaults to '/var/cache/swift'
#
# [*cache*]
# The cache backend to use
# Optional. Defaults to 'swift.cache'
#
# == Authors
#
# Dan Bode dan@puppetlabs.com
#
# == Copyright
#
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class swift::proxy::authtoken(
$admin_user = 'swift',
$admin_tenant_name = 'services',
$admin_password = 'password',
$auth_uri = false,
$identity_uri = false,
$delay_auth_decision = 1,
$admin_token = false,
$signing_dir = '/var/cache/swift',
$cache = 'swift.cache',
# DEPRECATED PARAMETERS
$auth_host = '127.0.0.1',
$auth_port = '35357',
$auth_protocol = 'http',
$auth_admin_prefix = false,
) {
include ::swift::deps
if $auth_uri {
$auth_uri_real = $auth_uri
} else {
$auth_uri_real = "${auth_protocol}://${auth_host}:5000"
}
# if both auth_uri and identity_uri are set we skip these deprecated warnings
if !$auth_uri or !$identity_uri {
if $auth_host {
warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_port {
warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_protocol {
warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.')
}
if $auth_admin_prefix {
warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.')
validate_re($auth_admin_prefix, '^(/.+[^/])?$')
}
}
file { $signing_dir:
ensure => directory,
mode => '0700',
owner => 'swift',
group => 'swift',
selinux_ignore_defaults => true,
require => Anchor['swift::config::begin'],
before => Anchor['swift::config::end'],
}
concat::fragment { 'swift_authtoken':
target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/authtoken.conf.erb'),
order => '22',
}
}
View Git Blame Copy Permalink