Puppet Class: profile::openstack::base::keystone::service

Defined in:
modules/profile/manifests/openstack/base/keystone/service.pp

Overview

Parameters:

  • daemon_active (Any) (defaults to: hiera('profile::openstack::base::keystone::daemon_active'))
  • version (Any) (defaults to: hiera('profile::openstack::base::version'))
  • region (Any) (defaults to: hiera('profile::openstack::base::region'))
  • nova_controller (Any) (defaults to: hiera('profile::openstack::base::nova_controller'))
  • keystone_host (Any) (defaults to: hiera('profile::openstack::base::keystone_host'))
  • osm_host (Any) (defaults to: hiera('profile::openstack::base::osm_host'))
  • db_name (Any) (defaults to: hiera('profile::openstack::base::keystone::db_name'))
  • db_user (Any) (defaults to: hiera('profile::openstack::base::keystone::db_user'))
  • db_pass (Any) (defaults to: hiera('profile::openstack::base::keystone::db_pass'))
  • db_host (Any) (defaults to: hiera('profile::openstack::base::keystone::db_host'))
  • db_max_pool_size (Any) (defaults to: hiera('profile::openstack::base::keystone::db_max_pool_size'))
  • admin_workers (Any) (defaults to: hiera('profile::openstack::base::keystone::admin_workers'))
  • public_workers (Any) (defaults to: hiera('profile::openstack::base::keystone::public_workers'))
  • nova_db_pass (Any) (defaults to: hiera('profile::openstack::base::nova::db_pass'))
  • token_driver (Any) (defaults to: hiera('profile::openstack::base::keystone::token_driver'))
  • ldap_hosts (Any) (defaults to: hiera('profile::openstack::base::ldap_hosts'))
  • ldap_base_dn (Any) (defaults to: hiera('profile::openstack::base::ldap_base_dn'))
  • ldap_user_id_attribute (Any) (defaults to: hiera('profile::openstack::base::ldap_user_id_attribute'))
  • ldap_user_name_attribute (Any) (defaults to: hiera('profile::openstack::base::ldap_user_name_attribute'))
  • ldap_user_dn (Any) (defaults to: hiera('profile::openstack::base::ldap_user_dn'))
  • ldap_user_pass (Any) (defaults to: hiera('profile::openstack::base::ldap_user_pass'))
  • auth_protocol (Any) (defaults to: hiera('profile::openstack::base::keystone::auth_protocol'))
  • auth_port (Any) (defaults to: hiera('profile::openstack::base::keystone::auth_port'))
  • public_port (Any) (defaults to: hiera('profile::openstack::base::keystone::public_port'))
  • wiki_status_page_prefix (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_status_page_prefix'))
  • wiki_status_consumer_token (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_status_consumer_token'))
  • wiki_status_consumer_secret (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_status_consumer_secret'))
  • wiki_status_access_token (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_status_access_token'))
  • wiki_status_access_secret (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_status_access_secret'))
  • wiki_consumer_token (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_consumer_token'))
  • wiki_consumer_secret (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_consumer_secret'))
  • wiki_access_token (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_access_token'))
  • wiki_access_secret (Any) (defaults to: hiera('profile::openstack::base::keystone::wiki_access_secret'))
  • labs_hosts_range (Any) (defaults to: hiera('profile::openstack::base::labs_hosts_range'))
  • labs_hosts_range_v6 (Any) (defaults to: hiera('profile::openstack::base::labs_hosts_range_v6'))
  • nova_controller_standby (Any) (defaults to: hiera('profile::openstack::base::nova_controller_standby'))
  • nova_api_host (Any) (defaults to: hiera('profile::openstack::base::nova_api_host'))
  • designate_host (Any) (defaults to: hiera('profile::openstack::base::designate_host'))
  • designate_host_standby (Any) (defaults to: hiera('profile::openstack::base::designate_host_standby'))
  • second_region_designate_host (Any) (defaults to: hiera('profile::openstack::base::second_region_designate_host'))
  • second_region_designate_host_standby (Any) (defaults to: hiera('profile::openstack::base::second_region_designate_host_standby'))
  • labweb_hosts (Any) (defaults to: hiera('profile::openstack::base::labweb_hosts')) 


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'modules/profile/manifests/openstack/base/keystone/service.pp', line 1

class profile::openstack::base::keystone::service(
    $daemon_active = hiera('profile::openstack::base::keystone::daemon_active'),
    $version = hiera('profile::openstack::base::version'),
    $region = hiera('profile::openstack::base::region'),
    $nova_controller = hiera('profile::openstack::base::nova_controller'),
    $keystone_host = hiera('profile::openstack::base::keystone_host'),
    $osm_host = hiera('profile::openstack::base::osm_host'),
    $db_name = hiera('profile::openstack::base::keystone::db_name'),
    $db_user = hiera('profile::openstack::base::keystone::db_user'),
    $db_pass = hiera('profile::openstack::base::keystone::db_pass'),
    $db_host = hiera('profile::openstack::base::keystone::db_host'),
    $db_max_pool_size = hiera('profile::openstack::base::keystone::db_max_pool_size'),
    $admin_workers = hiera('profile::openstack::base::keystone::admin_workers'),
    $public_workers = hiera('profile::openstack::base::keystone::public_workers'),
    $nova_db_pass = hiera('profile::openstack::base::nova::db_pass'),
    $token_driver = hiera('profile::openstack::base::keystone::token_driver'),
    $ldap_hosts = hiera('profile::openstack::base::ldap_hosts'),
    $ldap_base_dn = hiera('profile::openstack::base::ldap_base_dn'),
    $ldap_user_id_attribute = hiera('profile::openstack::base::ldap_user_id_attribute'),
    $ldap_user_name_attribute = hiera('profile::openstack::base::ldap_user_name_attribute'),
    $ldap_user_dn = hiera('profile::openstack::base::ldap_user_dn'),
    $ldap_user_pass = hiera('profile::openstack::base::ldap_user_pass'),
    $auth_protocol = hiera('profile::openstack::base::keystone::auth_protocol'),
    $auth_port = hiera('profile::openstack::base::keystone::auth_port'),
    $public_port = hiera('profile::openstack::base::keystone::public_port'),
    $wiki_status_page_prefix = hiera('profile::openstack::base::keystone::wiki_status_page_prefix'),
    $wiki_status_consumer_token = hiera('profile::openstack::base::keystone::wiki_status_consumer_token'),
    $wiki_status_consumer_secret = hiera('profile::openstack::base::keystone::wiki_status_consumer_secret'),
    $wiki_status_access_token = hiera('profile::openstack::base::keystone::wiki_status_access_token'),
    $wiki_status_access_secret = hiera('profile::openstack::base::keystone::wiki_status_access_secret'),
    $wiki_consumer_token = hiera('profile::openstack::base::keystone::wiki_consumer_token'),
    $wiki_consumer_secret = hiera('profile::openstack::base::keystone::wiki_consumer_secret'),
    $wiki_access_token = hiera('profile::openstack::base::keystone::wiki_access_token'),
    $wiki_access_secret = hiera('profile::openstack::base::keystone::wiki_access_secret'),
    $labs_hosts_range = hiera('profile::openstack::base::labs_hosts_range'),
    $labs_hosts_range_v6 = hiera('profile::openstack::base::labs_hosts_range_v6'),
    $nova_controller_standby = hiera('profile::openstack::base::nova_controller_standby'),
    $nova_api_host = hiera('profile::openstack::base::nova_api_host'),
    $designate_host = hiera('profile::openstack::base::designate_host'),
    $designate_host_standby = hiera('profile::openstack::base::designate_host_standby'),
    $second_region_designate_host = hiera('profile::openstack::base::second_region_designate_host'),
    $second_region_designate_host_standby = hiera('profile::openstack::base::second_region_designate_host_standby'),
    $labweb_hosts = hiera('profile::openstack::base::labweb_hosts'),
    ) {

    include ::network::constants
    $prod_networks = join($::network::constants::production_networks, ' ')
    $labs_networks = join($::network::constants::labs_networks, ' ')

    if ($daemon_active) {
        # support for a 2 controller nodes deployment
        $active = ($::fqdn == $keystone_host)
    } else {
        $active = false
    }

    class {'::openstack::keystone::service':
        active                      => $active,
        version                     => $version,
        keystone_host               => $keystone_host,
        osm_host                    => $osm_host,
        db_name                     => $db_name,
        db_user                     => $db_user,
        db_pass                     => $db_pass,
        db_host                     => $db_host,
        db_max_pool_size            => $db_max_pool_size,
        admin_workers               => $admin_workers,
        public_workers              => $public_workers,
        token_driver                => $token_driver,
        ldap_hosts                  => $ldap_hosts,
        ldap_base_dn                => $ldap_base_dn,
        ldap_user_id_attribute      => $ldap_user_id_attribute,
        ldap_user_name_attribute    => $ldap_user_name_attribute,
        ldap_user_dn                => $ldap_user_dn,
        ldap_user_pass              => $ldap_user_pass,
        auth_protocol               => $auth_protocol,
        auth_port                   => $auth_port,
        wiki_status_page_prefix     => $wiki_status_page_prefix,
        wiki_status_consumer_token  => $wiki_status_consumer_token,
        wiki_status_consumer_secret => $wiki_status_consumer_secret,
        wiki_status_access_token    => $wiki_status_access_token,
        wiki_status_access_secret   => $wiki_status_access_secret,
        wiki_consumer_token         => $wiki_consumer_token,
        wiki_consumer_secret        => $wiki_consumer_secret,
        wiki_access_token           => $wiki_access_token,
        wiki_access_secret          => $wiki_access_secret,
    }
    contain '::openstack::keystone::service'

    class {'::openstack::util::admin_scripts':
        version => $version,
    }
    contain '::openstack::util::admin_scripts'

    $labweb_ips = inline_template("@resolve((<%= @labweb_hosts.join(' ') %>))")
    $labweb_ip6s = inline_template("@resolve((<%= @labweb_hosts.join(' ') %>), AAAA)")

    # keystone admin API only for openstack services that might need it
    ferm::rule{'keystone_admin':
        ensure => 'present',
        rule   => "saddr (${labs_hosts_range} ${labs_hosts_range_v6}
                             @resolve(${nova_controller_standby}) @resolve(${nova_controller_standby}, AAAA) @resolve(${nova_api_host})
                             @resolve(${designate_host}) @resolve(${designate_host_standby})
                             @resolve(${designate_host}, AAAA) @resolve(${designate_host_standby}, AAAA)
                             @resolve(${second_region_designate_host}) @resolve(${second_region_designate_host}, AAAA)
                             @resolve(${second_region_designate_host_standby}) @resolve(${second_region_designate_host_standby}, AAAA)
                             ${labweb_ips} ${labweb_ip6s}
                             @resolve(${osm_host})
                             ) proto tcp dport (35357) ACCEPT;",
    }

    ferm::rule{'keystone_public':
        ensure => 'present',
        rule   => "saddr (${prod_networks} ${labs_networks}
                             ) proto tcp dport (5000) ACCEPT;",
    }
}