69 lines
2.6 KiB
Puppet
69 lines
2.6 KiB
Puppet
notice('MODULAR: detach-keystone/keystone-controller.pp')
|
|
|
|
$network_metadata = hiera('network_metadata')
|
|
$access_hash = hiera_hash('access',{})
|
|
$service_endpoint = hiera('service_endpoint')
|
|
$management_vip = hiera('management_vip')
|
|
$public_vip = hiera('public_vip')
|
|
|
|
$admin_tenant = $access_hash['tenant']
|
|
$admin_email = $access_hash['email']
|
|
$admin_user = $access_hash['user']
|
|
$admin_password = $access_hash['password']
|
|
$region = hiera('region', 'RegionOne')
|
|
|
|
$keystone_hash = hiera_hash('keystone', {})
|
|
# enabled by default
|
|
$public_ssl_hash = hiera('public_ssl')
|
|
$ssl_hash = hiera_hash('use_ssl', {})
|
|
|
|
$public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'usage', false)
|
|
$public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'path', [''])
|
|
|
|
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'protocol', 'http')
|
|
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'hostname', [$public_vip])
|
|
$public_port = '5000'
|
|
|
|
$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
|
|
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$management_vip])
|
|
$internal_port = '5000'
|
|
|
|
$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
|
|
$admin_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$management_vip])
|
|
$admin_port = '35357'
|
|
|
|
$public_url = "${public_protocol}://${public_address}:${public_port}"
|
|
$admin_url = "${admin_protocol}://${admin_address}:${admin_port}"
|
|
$internal_url = "${internal_protocol}://${internal_address}:${internal_port}"
|
|
|
|
$auth_suffix = pick($keystone_hash['auth_suffix'], '/')
|
|
$auth_url = "${internal_url}${auth_suffix}"
|
|
|
|
class { '::osnailyfacter::auth_file':
|
|
admin_user => $admin_user,
|
|
admin_password => $admin_password,
|
|
admin_tenant => $admin_tenant,
|
|
region_name => $region,
|
|
auth_url => $auth_url,
|
|
}
|
|
|
|
# Enable keystone HAProxy on controller so public VIP can be used
|
|
$server_names = [$service_endpoint]
|
|
$ipaddresses = [$service_endpoint]
|
|
|
|
# configure keystone ha proxy
|
|
class { '::openstack::ha::keystone':
|
|
internal_virtual_ip => $management_vip,
|
|
ipaddresses => $ipaddresses,
|
|
public_virtual_ip => $public_vip,
|
|
server_names => $server_names,
|
|
public_ssl => $public_ssl,
|
|
public_ssl_path => $public_ssl_path,
|
|
}
|
|
|
|
Package['socat'] -> Class['openstack::ha::keystone']
|
|
|
|
package { 'socat':
|
|
ensure => 'present',
|
|
}
|