openstack/puppet-cinder
Code Issues Proposed changes
puppet-cinder/manifests/keystone/auth.pp
Risto Laurikainen da2f5a125c Make user creation optional when creating service. 
In some cases it is useful to be able to just configure
the service in Keystone and not the service user. This
is the case when e.g. a read only LDAP backend is used.
Added parameters configure_user and configure_user_role
(default to true).

Change-Id: I021976f1eafa881755c0abbe1f6ba1b546dee111
Closes-Bug: 1360232
2014-09-11 12:21:14 +03:00

138 lines
4.1 KiB
Puppet
Raw Blame History

# == Class: cinder::keystone::auth
#
# Configures Cinder user, service and endpoint in Keystone.
#
# === Parameters
#
# [*password*]
# Password for Cinder user. Required.
#
# [*email*]
# Email for Cinder user. Optional. Defaults to 'cinder@localhost'.
#
# [*auth_name*]
# Username for Cinder service. Optional. Defaults to 'cinder'.
#
# [*auth_name_v2*]
# Username for Cinder v2 service. Optional. Defaults to 'cinder2'.
#
# [*configure_endpoint*]
# Should Cinder endpoint be configured? Optional. Defaults to 'true'.
# API v1 endpoint should be enabled in Icehouse for compatibility with Nova.
#
# [*configure_endpoint_v2*]
# Should Cinder v2 endpoint be configured? Optional. Defaults to 'true'.
#
# [*configure_user*]
# Should the service user be configured? Optional. Defaults to 'true'.
#
# [*configure_user_role*]
# Should the admin role be configured for the service user?
# Optional. Defaults to 'true'.
#
# [*service_type*]
# Type of service. Optional. Defaults to 'volume'.
#
# [*service_type_v2*]
# Type of API v2 service. Optional. Defaults to 'volume2'.
#
# [*public_address*]
# Public address for endpoint. Optional. Defaults to '127.0.0.1'.
#
# [*admin_address*]
# Admin address for endpoint. Optional. Defaults to '127.0.0.1'.
#
# [*internal_address*]
# Internal address for endpoint. Optional. Defaults to '127.0.0.1'.
#
# [*port*]
# Port for endpoint. Optional. Defaults to '8776'.
#
# [*volume_version*]
# Cinder API version. Optional. Defaults to 'v1'.
#
# [*region*]
# Region for endpoint. Optional. Defaults to 'RegionOne'.
#
# [*tenant*]
# Tenant for Cinder user. Optional. Defaults to 'services'.
#
# [*public_protocol*]
# Protocol for public endpoint. Optional. Defaults to 'http'.
#
# [*internal_protocol*]
# Protocol for internal endpoint. Optional. Defaults to 'http'.
#
# [*admin_protocol*]
# Protocol for admin endpoint. Optional. Defaults to 'http'.
#
class cinder::keystone::auth (
$password,
$auth_name = 'cinder',
$auth_name_v2 = 'cinderv2',
$email = 'cinder@localhost',
$tenant = 'services',
$configure_endpoint = true,
$configure_endpoint_v2 = true,
$configure_user = true,
$configure_user_role = true,
$service_type = 'volume',
$service_type_v2 = 'volumev2',
$public_address = '127.0.0.1',
$admin_address = '127.0.0.1',
$internal_address = '127.0.0.1',
$port = '8776',
$volume_version = 'v1',
$region = 'RegionOne',
$public_protocol = 'http',
$admin_protocol = 'http',
$internal_protocol = 'http'
) {
if $configure_user {
keystone_user { $auth_name:
ensure => present,
password => $password,
email => $email,
tenant => $tenant,
}
}
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'cinder-api' |>
keystone_user_role { "${auth_name}@${tenant}":
ensure => present,
roles => 'admin',
}
}
keystone_service { $auth_name:
ensure => present,
type => $service_type,
description => 'Cinder Service',
}
keystone_service { $auth_name_v2:
ensure => present,
type => $service_type_v2,
description => 'Cinder Service v2',
}
if $configure_endpoint {
keystone_endpoint { "${region}/${auth_name}":
ensure => present,
public_url => "${public_protocol}://${public_address}:${port}/${volume_version}/%(tenant_id)s",
admin_url => "${admin_protocol}://${admin_address}:${port}/${volume_version}/%(tenant_id)s",
internal_url => "${internal_protocol}://${internal_address}:${port}/${volume_version}/%(tenant_id)s",
}
}
if $configure_endpoint_v2 {
keystone_endpoint { "${region}/${auth_name_v2}":
ensure => present,
public_url => "${public_protocol}://${public_address}:${port}/v2/%(tenant_id)s",
admin_url => "${admin_protocol}://${admin_address}:${port}/v2/%(tenant_id)s",
internal_url => "${internal_protocol}://${internal_address}:${port}/v2/%(tenant_id)s",
}
}
}
View Git Blame Copy Permalink