Puppet Class: openstack::keystone::monitor::projects_and_users

Defined in:
modules/openstack/manifests/keystone/monitor/projects_and_users.pp

Overview

Parameters:

  • active (Any)
  • contact_groups (Any) (defaults to: 'wmcs-bots,admins')


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'modules/openstack/manifests/keystone/monitor/projects_and_users.pp', line 6

class openstack::keystone::monitor::projects_and_users(
    $active,
    $contact_groups='wmcs-bots,admins',
    ) {

    # monitoring::service doesn't take a bool
    if $active {
        $ensure = 'present'
    }
    else {
        $ensure = 'absent'
    }

    # Script to check all keystone projects for a given user and role
    file { '/usr/local/bin/check_keystone_roles.py':
        ensure => 'present',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
        source => 'puppet:///modules/openstack/monitor/keystone/check_keystone_roles.py',
    }

    # Script to make sure that service projects e.g. 'admin' exists
    file { '/usr/local/bin/check_keystone_projects.py':
        ensure => 'present',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
        source => 'puppet:///modules/openstack/monitor/keystone/check_keystone_projects.py',
    }

    # Make sure 'novaobserver' has 'observer' everywhere
    nrpe::monitor_service { 'check-novaobserver-membership':
        ensure        => $ensure,
        nrpe_command  => '/usr/local/bin/check_keystone_roles.py novaobserver observer',
        description   => 'novaobserver has only observer role',
        require       => File['/usr/local/bin/check_keystone_roles.py'],
        contact_group => $contact_groups,
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Troubleshooting',
    }

    # Make sure 'novaadmin' has 'projectadmin' and 'user' everywhere
    nrpe::monitor_service { 'check-novaadmin-membership':
        ensure        => $ensure,
        nrpe_command  => '/usr/local/bin/check_keystone_roles.py novaadmin user projectadmin',
        description   => 'novaadmin has roles in every project',
        require       => File['/usr/local/bin/check_keystone_roles.py'],
        contact_group => $contact_groups,
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Troubleshooting',
    }

    # Verify service projects
    nrpe::monitor_service { 'check-keystone-projects':
        ensure        => $ensure,
        nrpe_command  => '/usr/local/bin/check_keystone_projects.py',
        description   => 'Keystone admin and observer projects exist',
        require       => File['/usr/local/bin/check_keystone_roles.py'],
        contact_group => $contact_groups,
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Troubleshooting',
    }

}