stackforge/puppet-openstack-cloud
Code Issues Proposed changes
puppet-openstack-cloud/manifests/identity/identity-controller.pp
Emilien Macchi 4bcb03551c Rename roles to manifests 
With the goal to transform this work in a complete puppet module,
this patch aims to rename roles to manifests.

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
2013-12-28 10:27:42 +01:00

242 lines
10 KiB
Puppet
Raw Blame History

#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Identity controller
#
class os_identity_controller (
$identity_roles_addons = $os_params::identity_roles_addons,
$keystone_db_host = $os_params::keystone_db_host,
$keystone_db_password = $os_params::keystone_db_password,
$keystone_db_user = $os_params::keystone_db_user,
$keystone_memcached = $os_params::keystone_memcached,
$ks_admin_email = $os_params::ks_admin_email,
$ks_admin_password = $os_params::ks_admin_password,
$ks_admin_tenant = $os_params::ks_admin_tenant,
$ks_admin_token = $os_params::ks_admin_token,
$ks_ceilometer_admin_host = $os_params::ks_ceilometer_admin_host,
$ks_ceilometer_internal_host = $os_params::ks_ceilometer_internal_host,
$ks_ceilometer_password = $os_params::ks_ceilometer_password,
$ks_ceilometer_public_host = $os_params::ks_ceilometer_public_host,
$ks_ceilometer_public_port = $os_params::ks_ceilometer_public_port,
$ks_ceilometer_public_proto = $os_params::ks_ceilometer_public_proto,
$ks_cinder_admin_host = $os_params::ks_cinder_admin_host,
$ks_cinder_internal_host = $os_params::ks_cinder_internal_host,
$ks_cinder_password = $os_params::ks_cinder_password,
$ks_cinder_public_host = $os_params::ks_cinder_public_host,
$ks_cinder_public_proto = $os_params::ks_cinder_public_proto,
$ks_glance_admin_host = $os_params::ks_glance_admin_host,
$ks_glance_internal_host = $os_params::ks_glance_internal_host,
$ks_glance_password = $os_params::ks_glance_password,
$ks_glance_public_host = $os_params::ks_glance_public_host,
$ks_glance_public_proto = $os_params::ks_glance_public_proto,
$ks_heat_admin_host = $os_params::ks_heat_admin_host,
$ks_heat_internal_host = $os_params::ks_heat_internal_host,
$ks_heat_password = $os_params::ks_heat_password,
$ks_heat_public_host = $os_params::ks_heat_public_host,
$ks_heat_public_proto = $os_params::ks_heat_public_proto,
$ks_internal_ceilometer_port = $os_params::ks_internal_ceilometer_port,
$ks_keystone_admin_host = $os_params::ks_keystone_admin_host,
$ks_keystone_admin_port = $os_params::ks_keystone_admin_port,
$ks_keystone_internal_host = $os_params::ks_keystone_internal_host,
$ks_keystone_internal_port = $os_params::ks_keystone_internal_port,
$ks_keystone_public_host = $os_params::ks_keystone_public_host,
$ks_keystone_public_port = $os_params::ks_keystone_public_port,
$ks_keystone_public_proto = $os_params::ks_keystone_public_proto,
$ks_neutron_admin_host = $os_params::ks_neutron_admin_host,
$ks_neutron_internal_host = $os_params::ks_neutron_internal_host,
$ks_neutron_password = $os_params::ks_neutron_password,
$ks_neutron_public_host = $os_params::ks_neutron_public_host,
$ks_neutron_public_proto = $os_params::ks_neutron_public_proto,
$ks_nova_admin_host = $os_params::ks_nova_admin_host,
$ks_nova_internal_host = $os_params::ks_nova_internal_host,
$ks_nova_password = $os_params::ks_nova_password,
$ks_nova_public_host = $os_params::ks_nova_public_host,
$ks_nova_public_proto = $os_params::ks_nova_public_proto,
$ks_swift_dispersion_password = $os_params::ks_swift_dispersion_password,
$ks_swift_internal_host = $os_params::ks_swift_internal_host,
$ks_swift_internal_port = $os_params::ks_swift_internal_port,
$ks_swift_password = $os_params::ks_swift_password,
$ks_swift_public_host = $os_params::ks_swift_public_host,
$ks_swift_public_port = $os_params::ks_swift_public_port,
$ks_swift_public_proto = $os_params::ks_swift_public_proto,
$local_ip = $ipaddress_eth0,
$region = $os_params::region,
$verbose = $os_params::verbose,
$debug = $os_params::debug
){
$encoded_user = uriescape($keystone_db_user)
$encoded_password = uriescape($keystone_db_password)
# Configure Keystone
class { 'keystone':
enabled => false,
admin_token => $ks_admin_token,
compute_port => '8774',
debug => $debug,
idle_timeout => 60,
log_facility => 'LOG_LOCAL0',
memcache_servers => $keystone_memcached,
sql_connection => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone",
token_driver => 'keystone.token.backends.memcache.Token',
token_format => 'UUID',
use_syslog => true,
verbose => $verbose,
}
keystone_config {
'token/expiration': value => '86400';
'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
}
# Keystone Endpoints + Users
class { 'keystone::roles::admin':
email => $ks_admin_email,
password => $ks_admin_password,
admin_tenant => $ks_admin_tenant,
}
keystone_role { $identity_roles_addons: ensure => present }
class {'keystone::endpoint':
admin_address => $ks_keystone_admin_host,
admin_port => $ks_keystone_admin_port,
internal_address => $ks_keystone_internal_host,
internal_port => $ks_keystone_internal_port,
public_address => $ks_keystone_public_host,
public_port => $ks_keystone_public_port,
public_protocol => $ks_keystone_public_proto,
region => $region,
}
keystone_config { 'ssl/enable': ensure => absent }
include 'apache'
class {'keystone::wsgi::apache':
servername => $::fqdn,
admin_port => $ks_keystone_admin_port,
public_port => $ks_keystone_public_port,
workers => $::processorcount,
ssl => false,
}
class {'swift::keystone::auth':
address => $ks_swift_internal_host,
password => $ks_swift_password,
port => $ks_swift_internal_port,
public_address => $ks_swift_public_host,
public_port => $ks_swift_public_port,
public_protocol => $ks_swift_public_proto,
region => $region,
}
class {'ceilometer::keystone::auth':
admin_address => $ks_ceilometer_admin_host,
internal_address => $ks_ceilometer_internal_host,
password => $ks_ceilometer_password,
port => $ks_internal_ceilometer_port,
public_address => $ks_ceilometer_public_host,
public_protocol => $ks_ceilometer_public_proto,
region => $region,
}
class {'swift::keystone::dispersion':
auth_pass => $ks_swift_dispersion_password
}
class { 'nova::keystone::auth':
admin_address => $ks_nova_admin_host,
cinder => true,
internal_address => $ks_nova_internal_host,
password => $ks_nova_password,
public_address => $ks_nova_public_host,
public_protocol => $ks_nova_public_proto,
}
class { 'neutron::keystone::auth':
admin_address => $ks_neutron_admin_host,
internal_address => $ks_neutron_internal_host,
password => $ks_neutron_password,
public_address => $ks_neutron_public_host,
public_protocol => $ks_neutron_public_proto,
}
class { 'cinder::keystone::auth':
admin_address => $ks_cinder_admin_host,
internal_address => $ks_cinder_internal_host,
password => $ks_cinder_password,
public_address => $ks_cinder_public_host,
public_protocol => $ks_cinder_public_proto,
}
class { 'glance::keystone::auth':
admin_address => $ks_glance_admin_host,
internal_address => $ks_glance_internal_host,
password => $ks_glance_password,
public_address => $ks_glance_public_host,
public_protocol => $ks_glance_public_proto,
}
class { 'heat::keystone::auth':
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
password => $ks_heat_password,
public_address => $ks_heat_public_host,
public_protocol => $ks_heat_public_proto,
}
class { 'heat::keystone::auth_cfn':
admin_address => $ks_heat_admin_host,
internal_address => $ks_heat_internal_host,
password => $ks_heat_password,
public_address => $ks_heat_public_host,
public_protocol => $ks_heat_public_proto,
}
@@haproxy::balancermember{"${::fqdn}-keystone_api":
listening_service => 'keystone_api_cluster',
server_names => $::hostname,
ipaddresses => $local_ip,
ports => $ks_keystone_internal_port,
options => 'check inter 2000 rise 2 fall 5'
}
@@haproxy::balancermember{"${::fqdn}-keystone_api_admin":
listening_service => 'keystone_api_admin_cluster',
server_names => $::hostname,
ipaddresses => $local_ip,
ports => $ks_keystone_admin_port,
options => 'check inter 2000 rise 2 fall 5'
}
# Todo(EmilienM): check if we still actually need this workaround. If not, we have to delete this section:
#
# Workaround for error "HTTPConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url"
# In fact, when keystone finish to start but admin port isn't already usable, so wait a bit
# exec{'wait-keystone': command => '/bin/sleep 5' }
# Service['keystone'] -> Exec['wait-keystone']
# Exec['wait-keystone'] -> Keystone_tenant <| |>
# Exec['wait-keystone'] -> Keystone_user <| |>
# Exec['wait-keystone'] -> Keystone_role <| |>
# Exec['wait-keystone'] -> Keystone_service <| |>
# Exec['wait-keystone'] -> Keystone_user_role <| |>
# Exec['wait-keystone'] -> Keystone_endpoint <| |>
}
View Git Blame Copy Permalink