
#
# Cookbook Name:: openstack-identity
# Recipe:: default
#
# Copyright 2012-2013, AT&T Services, Inc.
# Copyright 2013, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Optional banner for templated config files. Set this to some text value to
# have it written at the top of each generated file.
default['openstack']['identity']['custom_template_banner'] =
  "\n# This file autogenerated by Chef\n# Do not edit, changes will be overwritten\n"
# The EC2 admin credential keys are declared blank on purpose: they have to
# exist for the initial deep-merge to work. They are placeholders only.
# NOTE(review): confirm that consumers treat "" as "not configured" and never
# accept it as a usable access key or secret.
default['credentials']['EC2']['admin']['access'] = ''
default['credentials']['EC2']['admin']['secret'] = ''

# Database user name for the identity service.
default['openstack']['identity']['db']['username'] = 'keystone'

# Execute database migrations. There are cases where migrations should not be
# executed. For example when upgrading a zone, and the identity database is
# replicated across many zones.
default['openstack']['identity']['db']['migrate'] = true

# These two are strings, not Ruby booleans.
default['openstack']['identity']['verbose'] = 'False'
default['openstack']['identity']['debug'] = 'False'

# Port numbers are strings as well.
# NOTE(review): admin_port presumably serves the privileged API; verify that
# network access to it is restricted wherever the bind interface is changed.
default['openstack']['identity']['service_port'] = '5000'
default['openstack']['identity']['admin_port'] = '35357'

default['openstack']['identity']['region'] = 'RegionOne'

# Interface name the service binds to. "lo" is presumably the loopback
# device, which would keep the service unreachable from other hosts until
# this is overridden - confirm against the recipe that consumes it.
default['openstack']['identity']['bind_interface'] = 'lo'
# Logging. Syslog output is off by default.
# NOTE(review): with syslog off, identity-service events stay wherever the
# service logs locally; enable this if they should reach central collection.
default['openstack']['identity']['syslog']['use'] = false
default['openstack']['identity']['syslog']['facility'] = 'LOG_LOCAL2'
default['openstack']['identity']['syslog']['config_facility'] = 'local2'

# Role names. A wider list, kept for reference but not in use:
# %w[admin Member KeystoneAdmin KeystoneServiceAdmin sysadmin netadmin]
default['openstack']['identity']['roles'] = %w[admin Member KeystoneAdmin KeystoneServiceAdmin]

# TODO(shep): this should probably be derived from keystone.users hash keys
default['openstack']['identity']['tenants'] = %w[admin service]

# Name of the administrative user and of its tenant.
default['openstack']['identity']['admin_user'] = 'admin'
default['openstack']['identity']['admin_tenant_name'] = 'admin'
# Users, keyed by user name. Each entry carries a default tenant and a
# "roles" hash; the role keys match entries of the roles attribute and the
# values look like tenant names (apparently role => tenants it is granted in;
# confirm against the recipe that consumes this hash).
#
# NOTE(review): the admin entry has no "password" key, so its password is
# presumably supplied elsewhere. The "monitoring" entry defaults to an empty
# password: override it before converging, and confirm the recipe cannot
# create an account with a blank password.
default['openstack']['identity']['users'] = {
  default['openstack']['identity']['admin_user'] => {
    'default_tenant' => default['openstack']['identity']['admin_tenant_name'],
    'roles' => {
      'admin' => %w[admin],
      'KeystoneAdmin' => %w[admin],
      'KeystoneServiceAdmin' => %w[admin]
    }
  },
  'monitoring' => {
    'password' => '',
    'default_tenant' => 'service',
    'roles' => {
      'Member' => %w[admin]
    }
  }
}
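# PKI signing. Corresponds to the [signing] section of keystone.conf
# Note this section is only written if node["openstack"]["auth"]["strategy"] == "pki"
default["openstack"]["identity"]["signing"]["basedir"] = "/etc/keystone/ssl"
default["openstack"]["identity"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
# Private signing key. NOTE(review): confirm the recipe restricts this file
# and its directory to the service account.
default["openstack"]["identity"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
default["openstack"]["identity"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
# Key size in bits, as a string. Raised from "1024": a 1024-bit key
# (presumably RSA) is below the 2048-bit minimum generally accepted for
# signing keys. Nodes that need the old value can still override this.
# NOTE(review): changing this attribute may not regenerate key material that
# already exists on a node - confirm how the recipe handles existing keys.
default["openstack"]["identity"]["signing"]["key_size"] = "2048"
# Certificate lifetime in days (3650 is roughly ten years).
# NOTE(review): a long-lived signing certificate needs a rotation and
# revocation plan - confirm one exists.
default["openstack"]["identity"]["signing"]["valid_days"] = "3650"
# No CA password is set by default. If one is needed, supply it from a secret
# store rather than a plain attribute: node attributes are saved to the Chef
# server and are readable by anyone who can read the node object.
default["openstack"]["identity"]["signing"]["ca_password"] = nil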
# Driver selection for the individual Keystone components. All three
# default to the "sql" backend.
default['openstack']['identity']['identity']['backend'] = 'sql'
default['openstack']['identity']['token']['backend'] = 'sql'
default['openstack']['identity']['catalog']['backend'] = 'sql'
# Platform-specific defaults: service account user/group, package names,
# service name, process name and extra package-manager options.
# There is no fallback branch, so on any platform not listed below none of
# these attributes are set by this file.
case platform
when 'fedora', 'redhat', 'centos' # :pragma-foodcritic: ~FC024 - won't fix this
  default['openstack']['identity']['user'] = 'keystone'
  default['openstack']['identity']['group'] = 'keystone'
  default['openstack']['identity']['platform'] = {
    'mysql_python_packages' => %w[MySQL-python],
    'postgresql_python_packages' => %w[python-psycopg2],
    'memcache_python_packages' => %w[python-memcached],
    'keystone_packages' => %w[openstack-keystone],
    'keystone_service' => 'openstack-keystone',
    'keystone_process_name' => 'keystone-all',
    'package_options' => ''
  }
when 'suse'
  default['openstack']['identity']['user'] = 'openstack-keystone'
  default['openstack']['identity']['group'] = 'openstack-keystone'
  default['openstack']['identity']['platform'] = {
    'mysql_python_packages' => %w[python-mysql],
    'postgresql_python_packages' => %w[python-psycopg2],
    'memcache_python_packages' => %w[python-python-memcached],
    'keystone_packages' => %w[openstack-keystone],
    'keystone_service' => 'openstack-keystone',
    'keystone_process_name' => 'keystone-all',
    'package_options' => ''
  }
when 'ubuntu'
  default['openstack']['identity']['user'] = 'keystone'
  default['openstack']['identity']['group'] = 'keystone'
  default['openstack']['identity']['platform'] = {
    'mysql_python_packages' => %w[python-mysqldb],
    'postgresql_python_packages' => %w[python-psycopg2],
    'memcache_python_packages' => %w[python-memcache],
    'keystone_packages' => %w[keystone],
    'keystone_service' => 'keystone',
    'keystone_process_name' => 'keystone-all',
    # dpkg options: keep an already-modified config file on upgrade
    # (--force-confold) and otherwise take the default action without
    # prompting (--force-confdef). A packaged config change therefore does
    # not replace a locally modified file.
    'package_options' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
  }
end