4ed8366f07
This is a first iteration of testing IPv6 deployment. This patch will deploy scenario002 on centos7 by using IPv6 network. To make it work on Ubuntu, it will require more work, that will be done in future iterations. During my testing, I found some bugs and did not investigate because I wanted a first scenario working on v6. Same for scenario001 and scenario003, they'll be tested later. Change-Id: Ib28b379645b5a3d351438e0408a9de62b9f48302
75 lines
2.6 KiB
Puppet
75 lines
2.6 KiB
Puppet
# Configure the Keystone service
|
|
#
|
|
# [*default_domain*]
|
|
# (optional) Define the default domain id.
|
|
# Set to 'undef' for 'Default' domain.
|
|
# Default to undef.
|
|
#
|
|
# [*using_domain_config*]
|
|
# (optional) Eases the use of the keystone_domain_config resource type.
|
|
# It ensures that a directory for holding the domain configuration is present
|
|
# and the associated configuration in keystone.conf is set up right.
|
|
# Defaults to false
|
|
#
|
|
class openstack_integration::keystone (
|
|
$default_domain = undef,
|
|
$using_domain_config = false,
|
|
) {
|
|
|
|
include ::openstack_integration::config
|
|
include ::openstack_integration::params
|
|
|
|
if $::openstack_integration::config::ssl {
|
|
openstack_integration::ssl_key { 'keystone':
|
|
notify => Service['httpd'],
|
|
require => Package['keystone'],
|
|
}
|
|
Exec['update-ca-certificates'] ~> Service['httpd']
|
|
}
|
|
|
|
class { '::keystone::client': }
|
|
class { '::keystone::cron::token_flush': }
|
|
class { '::keystone::db::mysql':
|
|
password => 'keystone',
|
|
}
|
|
class { '::keystone':
|
|
verbose => true,
|
|
debug => true,
|
|
database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
|
|
admin_token => 'admin_token',
|
|
enabled => true,
|
|
service_name => 'httpd',
|
|
default_domain => $default_domain,
|
|
using_domain_config => $using_domain_config,
|
|
enable_ssl => $::openstack_integration::config::ssl,
|
|
public_bind_host => $::openstack_integration::config::host,
|
|
admin_bind_host => $::openstack_integration::config::host,
|
|
}
|
|
include ::apache
|
|
class { '::keystone::wsgi::apache':
|
|
bind_host => $::openstack_integration::config::ip_for_url,
|
|
admin_bind_host => $::openstack_integration::config::ip_for_url,
|
|
ssl => $::openstack_integration::config::ssl,
|
|
ssl_key => "/etc/keystone/ssl/private/${::fqdn}.pem",
|
|
ssl_cert => $::openstack_integration::params::cert_path,
|
|
workers => 2,
|
|
}
|
|
class { '::keystone::roles::admin':
|
|
email => 'test@example.tld',
|
|
password => 'a_big_secret',
|
|
}
|
|
class { '::keystone::endpoint':
|
|
default_domain => $default_domain,
|
|
public_url => $::openstack_integration::config::keystone_auth_uri,
|
|
admin_url => $::openstack_integration::config::keystone_admin_uri,
|
|
}
|
|
class { '::keystone::disable_admin_token_auth': }
|
|
|
|
class { '::openstack_extras::auth_file':
|
|
password => 'a_big_secret',
|
|
project_domain => 'default',
|
|
user_domain => 'default',
|
|
auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3/",
|
|
}
|
|
}
|