openstack/puppet-openstack-integration
Code Issues Proposed changes

Enable service user token for interaction with nova/barbican

Browse Source 
This enables usage of service user token for interaction with nova and
barbican to avoid failure caused by token expiration during operations.

This also enables service_token_roles_required option in authtoken
middleware to allow only users with the service role to use this
feature.

Change-Id: Id6b0aad7aa24af2b6d03d484ada23357828c4325
This commit is contained in:
Takashi Kajinami 2023-05-23 10:14:59 +09:00
parent 1e2af68ccc
commit 20824c70d5
24 changed files with 215 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
manifests/aodh.pp
View File

@ -68,15 +68,17 @@ class openstack_integration::aodh (
public_url => "${::openstack_integration::config::base_url}:8042",
internal_url => "${::openstack_integration::config::base_url}:8042",
admin_url => "${::openstack_integration::config::base_url}:8042",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'aodh::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'aodh::api':
enabled => true,

14
manifests/barbican.pp
View File

@ -38,6 +38,7 @@ class openstack_integration::barbican {
public_url => "${::openstack_integration::config::base_url}:9311",
internal_url => "${::openstack_integration::config::base_url}:9311",
admin_url => "${::openstack_integration::config::base_url}:9311",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
include barbican::quota
@ -48,12 +49,13 @@ class openstack_integration::barbican {
debug => true,
}
class { 'barbican::keystone::authtoken':
password => 'a_big_secret',
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
user_domain_name => 'Default',
project_domain_name => 'Default',
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
user_domain_name => 'Default',
project_domain_name => 'Default',
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'barbican::api':
default_transport_url => os_transport_url({

1
manifests/ceilometer.pp
View File

@ -60,6 +60,7 @@ class openstack_integration::ceilometer (
amqp_sasl_mechanisms => 'PLAIN',
}
class { 'ceilometer::keystone::auth':
roles => ['admin', 'service'],
password => 'a_big_secret',
}

14
manifests/cinder.pp
View File

@ -51,6 +51,7 @@ class openstack_integration::cinder (
public_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
internal_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
admin_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'cinder::logging':
@ -64,6 +65,12 @@ class openstack_integration::cinder (
barbican_endpoint => "${::openstack_integration::config::base_url}:9311",
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3"
}
class { 'cinder::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
}
class { 'cinder::db':
database_connection => os_database_connection({
@ -105,6 +112,13 @@ class openstack_integration::cinder (
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'cinder::keystone::service_user':
send_service_user_token => true,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
class { 'cinder::api':
default_volume_type => 'BACKEND_1',
public_endpoint => "${::openstack_integration::config::base_url}:8776",

16
manifests/designate.pp
View File

@ -57,18 +57,20 @@ class openstack_integration::designate {
include 'designate::client'
class { 'designate::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:9001",
internal_url => "${::openstack_integration::config::base_url}:9001",
admin_url => "${::openstack_integration::config::base_url}:9001",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'designate::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'designate::api':

14
manifests/ec2api.pp
View File

@ -18,6 +18,7 @@ class openstack_integration::ec2api {
internal_url => "${::openstack_integration::config::base_url}:8788",
admin_url => "${::openstack_integration::config::base_url}:8788",
password => 'a_big_secret',
roles => ['admin', 'service'],
}
class { 'ec2api::db::mysql':
charset => $::openstack_integration::params::mysql_charset,
@ -45,12 +46,13 @@ class openstack_integration::ec2api {
}
class { 'ec2api': }
class { 'ec2api::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'ec2api::api':
my_ip => $::openstack_integration::config::host,

20
manifests/glance.pp
View File

@ -46,15 +46,17 @@ class openstack_integration::glance (
public_url => "http://${::openstack_integration::config::ip_for_url}:9292",
internal_url => "http://${::openstack_integration::config::ip_for_url}:9292",
admin_url => "http://${::openstack_integration::config::ip_for_url}:9292",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'glance::api::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
case $backend {
'file': {
@ -144,5 +146,11 @@ class openstack_integration::glance (
barbican_endpoint => "${::openstack_integration::config::base_url}:9311",
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3"
}
class { 'glance::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
}
}

14
manifests/gnocchi.pp
View File

@ -72,15 +72,17 @@ class openstack_integration::gnocchi (
public_url => "${::openstack_integration::config::base_url}:8041",
internal_url => "${::openstack_integration::config::base_url}:8041",
admin_url => "${::openstack_integration::config::base_url}:8041",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'gnocchi::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'gnocchi::api':
enabled => true,

18
manifests/heat.pp
View File

@ -30,12 +30,13 @@ class openstack_integration::heat (
}
class { 'heat::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'heat::trustee':
password => 'a_big_secret',
@ -83,11 +84,12 @@ class openstack_integration::heat (
host => $::openstack_integration::config::host,
}
class { 'heat::keystone::auth':
password => 'a_big_secret',
configure_delegated_roles => true,
public_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
internal_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
admin_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
roles => ['admin', 'service'],
password => 'a_big_secret',
configure_delegated_roles => true,
}
class { 'heat::keystone::auth_cfn':
password => 'a_big_secret',

28
manifests/ironic.pp
View File

@ -50,20 +50,23 @@ class openstack_integration::ironic {
public_url => "${::openstack_integration::config::base_url}:6385",
internal_url => "${::openstack_integration::config::base_url}:6385",
admin_url => "${::openstack_integration::config::base_url}:6385",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'ironic::api::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'ironic::keystone::auth_inspector':
public_url => "http://${::openstack_integration::config::ip_for_url}:5050",
internal_url => "http://${::openstack_integration::config::ip_for_url}:5050",
admin_url => "http://${::openstack_integration::config::ip_for_url}:5050",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'ironic::client': }
@ -98,12 +101,13 @@ class openstack_integration::ironic {
host => $::openstack_integration::config::host,
}
class { 'ironic::inspector::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'ironic::pxe': }
class { 'ironic::inspector::db':

14
manifests/magnum.pp
View File

@ -35,6 +35,7 @@ class openstack_integration::magnum (
public_url => "${::openstack_integration::config::base_url}:9511",
internal_url => "${::openstack_integration::config::base_url}:9511",
admin_url => "${::openstack_integration::config::base_url}:9511",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
@ -46,12 +47,13 @@ class openstack_integration::magnum (
}
class { 'magnum::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'magnum::db::mysql':

14
manifests/manila.pp
View File

@ -43,6 +43,7 @@ class openstack_integration::manila (
public_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
internal_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
admin_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
roles => ['admin', 'service'],
password => 'a_big_secret',
configure_user_v2 => false,
configure_user_role_v2 => false,
@ -82,12 +83,13 @@ class openstack_integration::manila (
amqp_sasl_mechanisms => 'PLAIN',
}
class { 'manila::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'manila::api':
service_name => 'httpd',

14
manifests/mistral.pp
View File

@ -15,12 +15,13 @@ class openstack_integration::mistral {
Exec['update-ca-certificates'] ~> Service['httpd']
}
class { 'mistral::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'mistral::logging':
debug => true,
@ -50,6 +51,7 @@ class openstack_integration::mistral {
public_url => "${::openstack_integration::config::base_url}:8989/v2",
admin_url => "${::openstack_integration::config::base_url}:8989/v2",
internal_url => "${::openstack_integration::config::base_url}:8989/v2",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'mistral::db::mysql':

16
manifests/murano.pp
View File

@ -65,12 +65,13 @@ class openstack_integration::murano {
}),
}
class { 'murano::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'murano':
default_transport_url => os_transport_url({
@ -99,10 +100,11 @@ class openstack_integration::murano {
class { 'murano::engine': }
class { 'murano::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:8082",
internal_url => "${::openstack_integration::config::base_url}:8082",
admin_url => "${::openstack_integration::config::base_url}:8082",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
-> murano_application { 'io.murano':
package_path => "${application_package_path}/io.murano.zip",

14
manifests/neutron.pp
View File

@ -157,6 +157,7 @@ class openstack_integration::neutron (
public_url => "${::openstack_integration::config::base_url}:9696",
internal_url => "${::openstack_integration::config::base_url}:9696",
admin_url => "${::openstack_integration::config::base_url}:9696",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
@ -240,12 +241,13 @@ class openstack_integration::neutron (
}
class { 'neutron::client': }
class { 'neutron::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
if $facts['os']['family'] == 'Debian' {

19
manifests/nova.pp
View File

@ -105,12 +105,13 @@ class openstack_integration::nova (
password => 'a_big_secret',
}
class { 'nova::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'nova::keystone::service_user':
send_service_user_token => true,
@ -199,6 +200,12 @@ class openstack_integration::nova (
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3",
barbican_endpoint => "${::openstack_integration::config::base_url}:9311"
}
class { 'nova::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
}
class { 'nova::compute':
vnc_enabled => true,

14
manifests/octavia.pp
View File

@ -103,15 +103,17 @@ class openstack_integration::octavia (
public_url => "${::openstack_integration::config::base_url}:9876",
internal_url => "${::openstack_integration::config::base_url}:9876",
admin_url => "${::openstack_integration::config::base_url}:9876",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'octavia::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
File { '/etc/octavia/certs':

14
manifests/placement.pp
View File

@ -27,15 +27,17 @@ class openstack_integration::placement {
public_url => "${::openstack_integration::config::base_url}:8778",
internal_url => "${::openstack_integration::config::base_url}:8778",
admin_url => "${::openstack_integration::config::base_url}:8778",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'placement::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'placement::logging':
debug => true,

14
manifests/sahara.pp
View File

@ -35,6 +35,7 @@ class openstack_integration::sahara (
public_url => "${::openstack_integration::config::base_url}:8386",
internal_url => "${::openstack_integration::config::base_url}:8386",
admin_url => "${::openstack_integration::config::base_url}:8386",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'sahara::logging':
@ -64,12 +65,13 @@ class openstack_integration::sahara (
amqp_sasl_mechanisms => 'PLAIN',
}
class { 'sahara::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'sahara::service::api':
service_name => 'httpd',

8
manifests/swift.pp
View File

@ -72,9 +72,10 @@ class openstack_integration::swift {
include swift::proxy::tempurl
include swift::proxy::ratelimit
class { 'swift::proxy::authtoken':
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
auth_url => "${::openstack_integration::config::keystone_admin_uri}/",
password => 'a_big_secret',
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
auth_url => "${::openstack_integration::config::keystone_admin_uri}/",
password => 'a_big_secret',
service_token_roles_required => true,
}
class { 'swift::proxy::keystone':
operator_roles => ['member', 'admin', 'SwiftOperator']
@ -99,6 +100,7 @@ class openstack_integration::swift {
public_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
admin_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
internal_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
roles => ['admin', 'service'],
password => 'a_big_secret',
operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
}

16
manifests/trove.pp
View File

@ -55,18 +55,20 @@ class openstack_integration::trove {
host => $::openstack_integration::config::host,
}
class { 'trove::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
internal_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
admin_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'trove::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'trove::api::service_credentials':
password => 'a_big_secret',

14
manifests/vitrage.pp
View File

@ -83,15 +83,17 @@ class openstack_integration::vitrage {
public_url => "${::openstack_integration::config::base_url}:8999",
internal_url => "${::openstack_integration::config::base_url}:8999",
admin_url => "${::openstack_integration::config::base_url}:8999",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'vitrage::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'vitrage::api':
enabled => true,

18
manifests/watcher.pp
View File

@ -33,19 +33,21 @@ class openstack_integration::watcher {
}),
}
class { 'watcher::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:9322",
admin_url => "${::openstack_integration::config::base_url}:9322",
internal_url => "${::openstack_integration::config::base_url}:9322",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class {'watcher::keystone::authtoken':
password => 'a_big_secret',
auth_version => 'v3',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
auth_version => 'v3',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class { 'watcher::logging':
debug => true,

17
manifests/zaqar.pp
View File

@ -19,11 +19,11 @@ class openstack_integration::zaqar {
host => $::openstack_integration::config::host,
}
class { 'zaqar::keystone::auth':
password => 'a_big_secret',
roles => ['admin', 'ResellerAdmin'],
public_url => "${::openstack_integration::config::base_url}:8888",
internal_url => "${::openstack_integration::config::base_url}:8888",
admin_url => "${::openstack_integration::config::base_url}:8888",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'zaqar::keystone::auth_websocket':
public_url => "ws://${::openstack_integration::config::ip_for_url}:8888",
@ -46,12 +46,13 @@ class openstack_integration::zaqar {
uri => 'swift://zaqar:a_big_secret@/services',
}
class {'zaqar::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
class {'zaqar':
unreliable => true,