openstack/puppet-openstack-integration
Code Issues Proposed changes

Enable service user token for interaction with nova/barbican

Browse Source 
This enables usage of service user token for interaction with nova and
barbican to avoid failure caused by token expiration during operations.

This also enables service_token_roles_required option in authtoken
middleware to allow only users with the service role to use this
feature.

Change-Id: Id6b0aad7aa24af2b6d03d484ada23357828c4325
This commit is contained in:
Takashi Kajinami 2023-05-23 10:14:59 +09:00
parent 1e2af68ccc
commit 20824c70d5
24 changed files with 215 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/aodh.pp
View File

@ -68,6 +68,7 @@ class openstack_integration::aodh (
public_url => "${::openstack_integration::config::base_url}:8042", public_url => "${::openstack_integration::config::base_url}:8042",
internal_url => "${::openstack_integration::config::base_url}:8042", internal_url => "${::openstack_integration::config::base_url}:8042",
admin_url => "${::openstack_integration::config::base_url}:8042", admin_url => "${::openstack_integration::config::base_url}:8042",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'aodh::keystone::authtoken': class { 'aodh::keystone::authtoken':
@ -77,6 +78,7 @@ class openstack_integration::aodh (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'aodh::api': class { 'aodh::api':
enabled => true, enabled => true,

2
manifests/barbican.pp
View File

@ -38,6 +38,7 @@ class openstack_integration::barbican {
public_url => "${::openstack_integration::config::base_url}:9311", public_url => "${::openstack_integration::config::base_url}:9311",
internal_url => "${::openstack_integration::config::base_url}:9311", internal_url => "${::openstack_integration::config::base_url}:9311",
admin_url => "${::openstack_integration::config::base_url}:9311", admin_url => "${::openstack_integration::config::base_url}:9311",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
include barbican::quota include barbican::quota
@ -54,6 +55,7 @@ class openstack_integration::barbican {
user_domain_name => 'Default', user_domain_name => 'Default',
project_domain_name => 'Default', project_domain_name => 'Default',
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'barbican::api': class { 'barbican::api':
default_transport_url => os_transport_url({ default_transport_url => os_transport_url({

1
manifests/ceilometer.pp
View File

@ -60,6 +60,7 @@ class openstack_integration::ceilometer (
amqp_sasl_mechanisms => 'PLAIN', amqp_sasl_mechanisms => 'PLAIN',
} }
class { 'ceilometer::keystone::auth': class { 'ceilometer::keystone::auth':
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }

14
manifests/cinder.pp
View File

@ -51,6 +51,7 @@ class openstack_integration::cinder (
public_url_v3 => "${::openstack_integration::config::base_url}:8776/v3", public_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
internal_url_v3 => "${::openstack_integration::config::base_url}:8776/v3", internal_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
admin_url_v3 => "${::openstack_integration::config::base_url}:8776/v3", admin_url_v3 => "${::openstack_integration::config::base_url}:8776/v3",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'cinder::logging': class { 'cinder::logging':
@ -64,6 +65,12 @@ class openstack_integration::cinder (
barbican_endpoint => "${::openstack_integration::config::base_url}:9311", barbican_endpoint => "${::openstack_integration::config::base_url}:9311",
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3" auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3"
} }
class { 'cinder::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
} }
class { 'cinder::db': class { 'cinder::db':
database_connection => os_database_connection({ database_connection => os_database_connection({
@ -105,6 +112,13 @@ class openstack_integration::cinder (
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true, service_token_roles_required => true,
} }
class { 'cinder::keystone::service_user':
send_service_user_token => true,
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
class { 'cinder::api': class { 'cinder::api':
default_volume_type => 'BACKEND_1', default_volume_type => 'BACKEND_1',
public_endpoint => "${::openstack_integration::config::base_url}:8776", public_endpoint => "${::openstack_integration::config::base_url}:8776",

4
manifests/designate.pp
View File

@ -57,10 +57,11 @@ class openstack_integration::designate {
include 'designate::client' include 'designate::client'
class { 'designate::keystone::auth': class { 'designate::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:9001", public_url => "${::openstack_integration::config::base_url}:9001",
internal_url => "${::openstack_integration::config::base_url}:9001", internal_url => "${::openstack_integration::config::base_url}:9001",
admin_url => "${::openstack_integration::config::base_url}:9001", admin_url => "${::openstack_integration::config::base_url}:9001",
roles => ['admin', 'service'],
password => 'a_big_secret',
} }
class { 'designate::keystone::authtoken': class { 'designate::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -69,6 +70,7 @@ class openstack_integration::designate {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'designate::api': class { 'designate::api':

2
manifests/ec2api.pp
View File

@ -18,6 +18,7 @@ class openstack_integration::ec2api {
internal_url => "${::openstack_integration::config::base_url}:8788", internal_url => "${::openstack_integration::config::base_url}:8788",
admin_url => "${::openstack_integration::config::base_url}:8788", admin_url => "${::openstack_integration::config::base_url}:8788",
password => 'a_big_secret', password => 'a_big_secret',
roles => ['admin', 'service'],
} }
class { 'ec2api::db::mysql': class { 'ec2api::db::mysql':
charset => $::openstack_integration::params::mysql_charset, charset => $::openstack_integration::params::mysql_charset,
@ -51,6 +52,7 @@ class openstack_integration::ec2api {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'ec2api::api': class { 'ec2api::api':
my_ip => $::openstack_integration::config::host, my_ip => $::openstack_integration::config::host,

8
manifests/glance.pp
View File

@ -46,6 +46,7 @@ class openstack_integration::glance (
public_url => "http://${::openstack_integration::config::ip_for_url}:9292", public_url => "http://${::openstack_integration::config::ip_for_url}:9292",
internal_url => "http://${::openstack_integration::config::ip_for_url}:9292", internal_url => "http://${::openstack_integration::config::ip_for_url}:9292",
admin_url => "http://${::openstack_integration::config::ip_for_url}:9292", admin_url => "http://${::openstack_integration::config::ip_for_url}:9292",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'glance::api::authtoken': class { 'glance::api::authtoken':
@ -55,6 +56,7 @@ class openstack_integration::glance (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
case $backend { case $backend {
'file': { 'file': {
@ -144,5 +146,11 @@ class openstack_integration::glance (
barbican_endpoint => "${::openstack_integration::config::base_url}:9311", barbican_endpoint => "${::openstack_integration::config::base_url}:9311",
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3" auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3"
} }
class { 'glance::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
} }
} }

2
manifests/gnocchi.pp
View File

@ -72,6 +72,7 @@ class openstack_integration::gnocchi (
public_url => "${::openstack_integration::config::base_url}:8041", public_url => "${::openstack_integration::config::base_url}:8041",
internal_url => "${::openstack_integration::config::base_url}:8041", internal_url => "${::openstack_integration::config::base_url}:8041",
admin_url => "${::openstack_integration::config::base_url}:8041", admin_url => "${::openstack_integration::config::base_url}:8041",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'gnocchi::keystone::authtoken': class { 'gnocchi::keystone::authtoken':
@ -81,6 +82,7 @@ class openstack_integration::gnocchi (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'gnocchi::api': class { 'gnocchi::api':
enabled => true, enabled => true,

6
manifests/heat.pp
View File

@ -36,6 +36,7 @@ class openstack_integration::heat (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'heat::trustee': class { 'heat::trustee':
password => 'a_big_secret', password => 'a_big_secret',
@ -83,11 +84,12 @@ class openstack_integration::heat (
host => $::openstack_integration::config::host, host => $::openstack_integration::config::host,
} }
class { 'heat::keystone::auth': class { 'heat::keystone::auth':
password => 'a_big_secret',
configure_delegated_roles => true,
public_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s", public_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
internal_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s", internal_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
admin_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s", admin_url => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
roles => ['admin', 'service'],
password => 'a_big_secret',
configure_delegated_roles => true,
} }
class { 'heat::keystone::auth_cfn': class { 'heat::keystone::auth_cfn':
password => 'a_big_secret', password => 'a_big_secret',

4
manifests/ironic.pp
View File

@ -50,6 +50,7 @@ class openstack_integration::ironic {
public_url => "${::openstack_integration::config::base_url}:6385", public_url => "${::openstack_integration::config::base_url}:6385",
internal_url => "${::openstack_integration::config::base_url}:6385", internal_url => "${::openstack_integration::config::base_url}:6385",
admin_url => "${::openstack_integration::config::base_url}:6385", admin_url => "${::openstack_integration::config::base_url}:6385",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'ironic::api::authtoken': class { 'ironic::api::authtoken':
@ -59,11 +60,13 @@ class openstack_integration::ironic {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'ironic::keystone::auth_inspector': class { 'ironic::keystone::auth_inspector':
public_url => "http://${::openstack_integration::config::ip_for_url}:5050", public_url => "http://${::openstack_integration::config::ip_for_url}:5050",
internal_url => "http://${::openstack_integration::config::ip_for_url}:5050", internal_url => "http://${::openstack_integration::config::ip_for_url}:5050",
admin_url => "http://${::openstack_integration::config::ip_for_url}:5050", admin_url => "http://${::openstack_integration::config::ip_for_url}:5050",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'ironic::client': } class { 'ironic::client': }
@ -104,6 +107,7 @@ class openstack_integration::ironic {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'ironic::pxe': } class { 'ironic::pxe': }
class { 'ironic::inspector::db': class { 'ironic::inspector::db':

2
manifests/magnum.pp
View File

@ -35,6 +35,7 @@ class openstack_integration::magnum (
public_url => "${::openstack_integration::config::base_url}:9511", public_url => "${::openstack_integration::config::base_url}:9511",
internal_url => "${::openstack_integration::config::base_url}:9511", internal_url => "${::openstack_integration::config::base_url}:9511",
admin_url => "${::openstack_integration::config::base_url}:9511", admin_url => "${::openstack_integration::config::base_url}:9511",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
@ -52,6 +53,7 @@ class openstack_integration::magnum (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'magnum::db::mysql': class { 'magnum::db::mysql':

2
manifests/manila.pp
View File

@ -43,6 +43,7 @@ class openstack_integration::manila (
public_url_v2 => "${::openstack_integration::config::base_url}:8786/v2", public_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
internal_url_v2 => "${::openstack_integration::config::base_url}:8786/v2", internal_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
admin_url_v2 => "${::openstack_integration::config::base_url}:8786/v2", admin_url_v2 => "${::openstack_integration::config::base_url}:8786/v2",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
configure_user_v2 => false, configure_user_v2 => false,
configure_user_role_v2 => false, configure_user_role_v2 => false,
@ -88,6 +89,7 @@ class openstack_integration::manila (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'manila::api': class { 'manila::api':
service_name => 'httpd', service_name => 'httpd',

2
manifests/mistral.pp
View File

@ -21,6 +21,7 @@ class openstack_integration::mistral {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'mistral::logging': class { 'mistral::logging':
debug => true, debug => true,
@ -50,6 +51,7 @@ class openstack_integration::mistral {
public_url => "${::openstack_integration::config::base_url}:8989/v2", public_url => "${::openstack_integration::config::base_url}:8989/v2",
admin_url => "${::openstack_integration::config::base_url}:8989/v2", admin_url => "${::openstack_integration::config::base_url}:8989/v2",
internal_url => "${::openstack_integration::config::base_url}:8989/v2", internal_url => "${::openstack_integration::config::base_url}:8989/v2",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'mistral::db::mysql': class { 'mistral::db::mysql':

4
manifests/murano.pp
View File

@ -71,6 +71,7 @@ class openstack_integration::murano {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'murano': class { 'murano':
default_transport_url => os_transport_url({ default_transport_url => os_transport_url({
@ -99,10 +100,11 @@ class openstack_integration::murano {
class { 'murano::engine': } class { 'murano::engine': }
class { 'murano::keystone::auth': class { 'murano::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:8082", public_url => "${::openstack_integration::config::base_url}:8082",
internal_url => "${::openstack_integration::config::base_url}:8082", internal_url => "${::openstack_integration::config::base_url}:8082",
admin_url => "${::openstack_integration::config::base_url}:8082", admin_url => "${::openstack_integration::config::base_url}:8082",
roles => ['admin', 'service'],
password => 'a_big_secret',
} }
-> murano_application { 'io.murano': -> murano_application { 'io.murano':
package_path => "${application_package_path}/io.murano.zip", package_path => "${application_package_path}/io.murano.zip",

2
manifests/neutron.pp
View File

@ -157,6 +157,7 @@ class openstack_integration::neutron (
public_url => "${::openstack_integration::config::base_url}:9696", public_url => "${::openstack_integration::config::base_url}:9696",
internal_url => "${::openstack_integration::config::base_url}:9696", internal_url => "${::openstack_integration::config::base_url}:9696",
admin_url => "${::openstack_integration::config::base_url}:9696", admin_url => "${::openstack_integration::config::base_url}:9696",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
@ -246,6 +247,7 @@ class openstack_integration::neutron (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
if $facts['os']['family'] == 'Debian' { if $facts['os']['family'] == 'Debian' {

7
manifests/nova.pp
View File

@ -111,6 +111,7 @@ class openstack_integration::nova (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'nova::keystone::service_user': class { 'nova::keystone::service_user':
send_service_user_token => true, send_service_user_token => true,
@ -199,6 +200,12 @@ class openstack_integration::nova (
auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3", auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3",
barbican_endpoint => "${::openstack_integration::config::base_url}:9311" barbican_endpoint => "${::openstack_integration::config::base_url}:9311"
} }
class { 'nova::key_manager::barbican::service_user':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
}
} }
class { 'nova::compute': class { 'nova::compute':
vnc_enabled => true, vnc_enabled => true,

2
manifests/octavia.pp
View File

@ -103,6 +103,7 @@ class openstack_integration::octavia (
public_url => "${::openstack_integration::config::base_url}:9876", public_url => "${::openstack_integration::config::base_url}:9876",
internal_url => "${::openstack_integration::config::base_url}:9876", internal_url => "${::openstack_integration::config::base_url}:9876",
admin_url => "${::openstack_integration::config::base_url}:9876", admin_url => "${::openstack_integration::config::base_url}:9876",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'octavia::keystone::authtoken': class { 'octavia::keystone::authtoken':
@ -112,6 +113,7 @@ class openstack_integration::octavia (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
File { '/etc/octavia/certs': File { '/etc/octavia/certs':

2
manifests/placement.pp
View File

@ -27,6 +27,7 @@ class openstack_integration::placement {
public_url => "${::openstack_integration::config::base_url}:8778", public_url => "${::openstack_integration::config::base_url}:8778",
internal_url => "${::openstack_integration::config::base_url}:8778", internal_url => "${::openstack_integration::config::base_url}:8778",
admin_url => "${::openstack_integration::config::base_url}:8778", admin_url => "${::openstack_integration::config::base_url}:8778",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'placement::keystone::authtoken': class { 'placement::keystone::authtoken':
@ -36,6 +37,7 @@ class openstack_integration::placement {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'placement::logging': class { 'placement::logging':
debug => true, debug => true,

2
manifests/sahara.pp
View File

@ -35,6 +35,7 @@ class openstack_integration::sahara (
public_url => "${::openstack_integration::config::base_url}:8386", public_url => "${::openstack_integration::config::base_url}:8386",
internal_url => "${::openstack_integration::config::base_url}:8386", internal_url => "${::openstack_integration::config::base_url}:8386",
admin_url => "${::openstack_integration::config::base_url}:8386", admin_url => "${::openstack_integration::config::base_url}:8386",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'sahara::logging': class { 'sahara::logging':
@ -70,6 +71,7 @@ class openstack_integration::sahara (
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'sahara::service::api': class { 'sahara::service::api':
service_name => 'httpd', service_name => 'httpd',

2
manifests/swift.pp
View File

@ -75,6 +75,7 @@ class openstack_integration::swift {
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3", www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
auth_url => "${::openstack_integration::config::keystone_admin_uri}/", auth_url => "${::openstack_integration::config::keystone_admin_uri}/",
password => 'a_big_secret', password => 'a_big_secret',
service_token_roles_required => true,
} }
class { 'swift::proxy::keystone': class { 'swift::proxy::keystone':
operator_roles => ['member', 'admin', 'SwiftOperator'] operator_roles => ['member', 'admin', 'SwiftOperator']
@ -99,6 +100,7 @@ class openstack_integration::swift {
public_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080", public_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
admin_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080", admin_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
internal_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080", internal_url_s3 => "http://${::openstack_integration::config::ip_for_url}:8080",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
} }

4
manifests/trove.pp
View File

@ -55,10 +55,11 @@ class openstack_integration::trove {
host => $::openstack_integration::config::host, host => $::openstack_integration::config::host,
} }
class { 'trove::keystone::auth': class { 'trove::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s", public_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
internal_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s", internal_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
admin_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s", admin_url => "${::openstack_integration::config::base_url}:8779/v1.0/%(tenant_id)s",
roles => ['admin', 'service'],
password => 'a_big_secret',
} }
class { 'trove::keystone::authtoken': class { 'trove::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -67,6 +68,7 @@ class openstack_integration::trove {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'trove::api::service_credentials': class { 'trove::api::service_credentials':
password => 'a_big_secret', password => 'a_big_secret',

2
manifests/vitrage.pp
View File

@ -83,6 +83,7 @@ class openstack_integration::vitrage {
public_url => "${::openstack_integration::config::base_url}:8999", public_url => "${::openstack_integration::config::base_url}:8999",
internal_url => "${::openstack_integration::config::base_url}:8999", internal_url => "${::openstack_integration::config::base_url}:8999",
admin_url => "${::openstack_integration::config::base_url}:8999", admin_url => "${::openstack_integration::config::base_url}:8999",
roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
class { 'vitrage::keystone::authtoken': class { 'vitrage::keystone::authtoken':
@ -92,6 +93,7 @@ class openstack_integration::vitrage {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'vitrage::api': class { 'vitrage::api':
enabled => true, enabled => true,

4
manifests/watcher.pp
View File

@ -33,10 +33,11 @@ class openstack_integration::watcher {
}), }),
} }
class { 'watcher::keystone::auth': class { 'watcher::keystone::auth':
password => 'a_big_secret',
public_url => "${::openstack_integration::config::base_url}:9322", public_url => "${::openstack_integration::config::base_url}:9322",
admin_url => "${::openstack_integration::config::base_url}:9322", admin_url => "${::openstack_integration::config::base_url}:9322",
internal_url => "${::openstack_integration::config::base_url}:9322", internal_url => "${::openstack_integration::config::base_url}:9322",
roles => ['admin', 'service'],
password => 'a_big_secret',
} }
class {'watcher::keystone::authtoken': class {'watcher::keystone::authtoken':
password => 'a_big_secret', password => 'a_big_secret',
@ -46,6 +47,7 @@ class openstack_integration::watcher {
auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3", auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3", www_authenticate_uri => "${::openstack_integration::config::keystone_auth_uri}/v3",
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class { 'watcher::logging': class { 'watcher::logging':
debug => true, debug => true,

5
manifests/zaqar.pp
View File

@ -19,11 +19,11 @@ class openstack_integration::zaqar {
host => $::openstack_integration::config::host, host => $::openstack_integration::config::host,
} }
class { 'zaqar::keystone::auth': class { 'zaqar::keystone::auth':
password => 'a_big_secret',
roles => ['admin', 'ResellerAdmin'],
public_url => "${::openstack_integration::config::base_url}:8888", public_url => "${::openstack_integration::config::base_url}:8888",
internal_url => "${::openstack_integration::config::base_url}:8888", internal_url => "${::openstack_integration::config::base_url}:8888",
admin_url => "${::openstack_integration::config::base_url}:8888", admin_url => "${::openstack_integration::config::base_url}:8888",
roles => ['admin', 'service'],
password => 'a_big_secret',
} }
class { 'zaqar::keystone::auth_websocket': class { 'zaqar::keystone::auth_websocket':
public_url => "ws://${::openstack_integration::config::ip_for_url}:8888", public_url => "ws://${::openstack_integration::config::ip_for_url}:8888",
@ -52,6 +52,7 @@ class openstack_integration::zaqar {
auth_url => $::openstack_integration::config::keystone_admin_uri, auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri, www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers, memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
} }
class {'zaqar': class {'zaqar':
unreliable => true, unreliable => true,