stackforge/puppet-openstack
Code Issues Proposed changes
Files
ba0c921368609f4716d40b632b9d945ff1aca7f3
puppet-openstack/manifests/keystone.pp
Francois Deppierraz 97e4579cb8 Add syslog support to the openstack module 
This change depends on the syslog implementation in all other dependent
modules.

Change-Id: Id500009a5308100775f1a35e20f7c089ff5a319b
2013-10-09 21:47:13 +02:00

438 lines
14 KiB
Puppet
Raw Blame History

#
# == Class: openstack::keystone
#
# Installs and configures Keystone
#
# === Parameters
#
# [db_host] Host where DB resides. Optional. Defaults to 127.0.0.1..
# [idle_timeout] Timeout to reap SQL connections. Optional. Defaults to '200'.
# [db_password] Password for keystone DB. Required.
# [admin_token]. Auth token for keystone admin. Required.
# [admin_email] Email address of system admin. Required.
# [admin_password] Auth password for admin user. Required.
# [glance_user_password] Auth password for glance user. Required.
# [nova_user_password] Auth password for nova user. Required.
# [public_address] Public address where keystone can be accessed. Required.
# [public_protocol] Public protocol over which keystone can be accessed. Defaults to 'http'
# [token_format] Format keystone uses for tokens. Optional. Defaults to PKI.
# Supports PKI and UUID.
# [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to 'mysql'
# [db_ssl] Boolean whether to use SSL for database. Defaults to false.
# [db_ssl_ca] If db_ssl is true, this is used in the connection to define the CA. Default undef.
# [db_user] Name of keystone db user. Optional. Defaults to 'keystone'
# [db_name] Name of keystone DB. Optional. Defaults to 'keystone'
# [admin_tenant] Name of keystone admin tenant. Optional. Defaults to 'admin'
# [verbose] Log verbosely. Optional. Defaults to false.
# [debug] Log at a debug-level. Optional. Defaults to false.
# [token_driver] Driver to use for managing tokens.
# Optional. Defaults to 'keystone.token.backends.sql.Token'
# [bind_host] Address that keystone binds to. Optional. Defaults to '0.0.0.0'
# [internal_address] Internal address for keystone. Optional. Defaults to $public_address
# [admin_address] Keystone admin address. Optional. Defaults to $internal_address
# [glance] Set up glance endpoints and auth. Optional. Defaults to true
# [nova] Set up nova endpoints and auth. Optional. Defaults to true
# [swift] Set up swift endpoints and auth. Optional. Defaults to false
# [swift_user_password]
# Auth password for swift.
# (Optional) Defaults to false.
# [use_syslog] Use syslog for logging. Defaults to false.
# [log_facility] Syslog facility to receive log lines. Defaults to LOG_USER.
# [enabled] If the service is active (true) or passive (false).
# Optional. Defaults to true
#
# === Example
#
# class { 'openstack::keystone':
# db_host => '127.0.0.1',
# db_password => 'changeme',
# admin_token => '12345',
# admin_email => 'root@localhost',
# admin_password => 'changeme',
# glance_user_password => 'glance',
# nova_user_password => 'nova',
# cinder_user_password => 'cinder',
# neutron_user_password => 'neutron',
# public_address => '192.168.1.1',
# }
class openstack::keystone (
$db_password,
$admin_token,
$admin_email,
$admin_password,
$public_address,
$public_protocol = 'http',
$token_format = 'PKI',
$db_host = '127.0.0.1',
$idle_timeout = '200',
$db_type = 'mysql',
$db_user = 'keystone',
$db_name = 'keystone',
$db_ssl = false,
$db_ssl_ca = undef,
$admin_tenant = 'admin',
$verbose = false,
$debug = false,
$bind_host = '0.0.0.0',
$region = 'RegionOne',
$token_driver = 'keystone.token.backends.sql.Token',
$internal_address = false,
$admin_address = false,
$enabled = true,
# nova
$nova = true,
$nova_user_password,
$nova_public_address = false,
$nova_internal_address = false,
$nova_admin_address = false,
# glance
$glance = true,
$glance_user_password,
$glance_public_address = false,
$glance_internal_address = false,
$glance_admin_address = false,
# cinder
$cinder = true,
$cinder_user_password,
$cinder_public_address = false,
$cinder_internal_address = false,
$cinder_admin_address = false,
# neutron
$neutron = true,
$neutron_user_password,
$neutron_public_address = false,
$neutron_internal_address = false,
$neutron_admin_address = false,
# ceilometer
$ceilometer = false,
$ceilometer_user_password = false,
$ceilometer_public_address = false,
$ceilometer_internal_address = false,
$ceilometer_admin_address = false,
# swift
$swift = false,
$swift_user_password = false,
$swift_public_address = false,
$swift_internal_address = false,
$swift_admin_address = false,
# heat
$heat = false,
$heat_user_password = false,
$heat_public_address = false,
$heat_internal_address = false,
$heat_admin_address = false,
# heat-cfn (cloudformation api)
$heat_cfn = false,
$heat_cfn_user_password = false,
$heat_cfn_public_address = false,
$heat_cfn_internal_address = false,
$heat_cfn_admin_address = false,
$glance = true,
$nova = true,
$cinder = true,
$neutron = true,
$ceilometer = false,
$swift = false,
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true
) {
# Install and configure Keystone
if $db_type == 'mysql' {
if $db_ssl == true {
$sql_conn = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?ssl_ca=${db_ssl_ca}"
} else {
$sql_conn = "mysql://${db_user}:${db_password}@${db_host}/${db_name}"
}
} else {
fail("db_type ${db_type} is not supported")
}
# I have to do all of this crazy munging b/c parameters are not
# set procedurally in Pupet
if($internal_address) {
$internal_real = $internal_address
} else {
$internal_real = $public_address
}
if($admin_address) {
$admin_real = $admin_address
} else {
$admin_real = $internal_real
}
if($glance_public_address) {
$glance_public_real = $glance_public_address
} else {
$glance_public_real = $public_address
}
if($glance_internal_address) {
$glance_internal_real = $glance_internal_address
} else {
$glance_internal_real = $glance_public_real
}
if($glance_admin_address) {
$glance_admin_real = $glance_admin_address
} else {
$glance_admin_real = $glance_internal_real
}
if($nova_public_address) {
$nova_public_real = $nova_public_address
} else {
$nova_public_real = $public_address
}
if($nova_internal_address) {
$nova_internal_real = $nova_internal_address
} else {
$nova_internal_real = $nova_public_real
}
if($nova_admin_address) {
$nova_admin_real = $nova_admin_address
} else {
$nova_admin_real = $nova_internal_real
}
if($cinder_public_address) {
$cinder_public_real = $cinder_public_address
} else {
$cinder_public_real = $public_address
}
if($cinder_internal_address) {
$cinder_internal_real = $cinder_internal_address
} else {
$cinder_internal_real = $cinder_public_real
}
if($cinder_admin_address) {
$cinder_admin_real = $cinder_admin_address
} else {
$cinder_admin_real = $cinder_internal_real
}
if($neutron_public_address) {
$neutron_public_real = $neutron_public_address
} else {
$neutron_public_real = $public_address
}
if($neutron_internal_address) {
$neutron_internal_real = $neutron_internal_address
} else {
$neutron_internal_real = $neutron_public_real
}
if($neutron_admin_address) {
$neutron_admin_real = $neutron_admin_address
} else {
$neutron_admin_real = $neutron_internal_real
}
if($ceilometer_public_address) {
$ceilometer_public_real = $ceilometer_public_address
} else {
$ceilometer_public_real = $public_address
}
if($ceilometer_internal_address) {
$ceilometer_internal_real = $ceilometer_internal_address
} else {
$ceilometer_internal_real = $ceilometer_public_real
}
if($ceilometer_admin_address) {
$ceilometer_admin_real = $ceilometer_admin_address
} else {
$ceilometer_admin_real = $ceilometer_internal_real
}
if($swift_public_address) {
$swift_public_real = $swift_public_address
} else {
$swift_public_real = $public_address
}
if($swift_internal_address) {
$swift_internal_real = $swift_internal_address
} else {
$swift_internal_real = $swift_public_real
}
if($swift_admin_address) {
$swift_admin_real = $swift_admin_address
} else {
$swift_admin_real = $swift_internal_real
}
if($heat_public_address) {
$heat_public_real = $heat_public_address
} else {
$heat_public_real = $public_address
}
if($heat_internal_address) {
$heat_internal_real = $heat_internal_address
} else {
$heat_internal_real = $heat_public_real
}
if($heat_admin_address) {
$heat_admin_real = $heat_admin_address
} else {
$heat_admin_real = $heat_internal_real
}
if($heat_cfn_public_address) {
$heat_cfn_public_real = $heat_cfn_public_address
} else {
$heat_cfn_public_real = $public_address
}
if($heat_cfn_internal_address) {
$heat_cfn_internal_real = $heat_cfn_internal_address
} else {
$heat_cfn_internal_real = $heat_cfn_public_real
}
if($heat_cfn_admin_address) {
$heat_cfn_admin_real = $heat_cfn_admin_address
} else {
$heat_cfn_admin_real = $heat_cfn_internal_real
}
class { '::keystone':
verbose => $verbose,
debug => $debug,
bind_host => $bind_host,
idle_timeout => $idle_timeout,
catalog_type => 'sql',
admin_token => $admin_token,
token_driver => $token_driver,
token_format => $token_format,
enabled => $enabled,
sql_connection => $sql_conn,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
if ($enabled) {
# Setup the admin user
class { 'keystone::roles::admin':
email => $admin_email,
password => $admin_password,
admin_tenant => $admin_tenant,
}
# Setup the Keystone Identity Endpoint
class { 'keystone::endpoint':
public_address => $public_address,
public_protocol => $public_protocol,
admin_address => $admin_real,
internal_address => $internal_real,
region => $region,
}
# Configure Glance endpoint in Keystone
if $glance {
class { 'glance::keystone::auth':
password => $glance_user_password,
public_address => $glance_public_real,
public_protocol => $public_protocol,
admin_address => $glance_admin_real,
internal_address => $glance_internal_real,
region => $region,
}
}
# Configure Nova endpoint in Keystone
if $nova {
class { 'nova::keystone::auth':
password => $nova_user_password,
public_address => $nova_public_real,
public_protocol => $public_protocol,
admin_address => $nova_admin_real,
internal_address => $nova_internal_real,
region => $region,
}
}
# Configure Cinder endpoint in Keystone
if $cinder {
class { 'cinder::keystone::auth':
password => $cinder_user_password,
public_address => $cinder_public_real,
public_protocol => $public_protocol,
admin_address => $cinder_admin_real,
internal_address => $cinder_internal_real,
region => $region,
}
}
if $neutron {
class { 'neutron::keystone::auth':
password => $neutron_user_password,
public_address => $neutron_public_real,
public_protocol => $public_protocol,
admin_address => $neutron_admin_real,
internal_address => $neutron_internal_real,
region => $region,
}
}
if $ceilometer {
if ! $ceilometer_user_password {
fail('Must set a ceilometer_user_password when ceilometer auth is being configured')
}
class { 'ceilometer::keystone::auth':
password => $ceilometer_user_password,
public_address => $ceilometer_public_real,
public_protocol => $public_protocol,
admin_address => $ceilometer_admin_real,
internal_address => $ceilometer_internal_real,
region => $region,
}
}
if $swift {
if ! $swift_user_password {
fail('Must set a swift_user_password when swift auth is being configured')
}
class { 'swift::keystone::auth':
password => $swift_user_password,
public_address => $swift_public_real,
public_protocol => $public_protocol,
admin_address => $swift_admin_real,
internal_address => $swift_internal_real,
region => $region,
}
}
if $heat {
if ! $heat_user_password {
fail('Must set a heat_user_password when heat auth is being configured')
}
class { 'heat::keystone::auth':
password => $heat_user_password,
public_address => $heat_public_real,
public_protocol => $public_protocol,
admin_address => $heat_admin_real,
internal_address => $heat_internal_real,
region => $region,
}
}
if $heat_cfn {
if ! $heat_cfn_user_password {
fail('Must set a heat_cfn_user_password when heat_cfn auth is being configured')
}
class { 'heat::keystone::auth_cfn':
password => $heat_cfn_user_password,
public_address => $heat_cfn_public_real,
public_protocol => $public_protocol,
admin_address => $heat_cfn_admin_real,
internal_address => $heat_cfn_internal_real,
region => $region,
}
}
}
}
View Git Blame Copy Permalink