Puppet Class: magnum::keystone::domain

Defined in:
manifests/keystone/domain.pp

Overview

Class: magnum::keystone::domain

Configures magnum domain in Keystone.

Parameters

cluster_user_trust

Enable creation of a user trust for clusters. Defaults to $facts['os_service_default'].

domain_name

magnum domain name. Defaults to ‘magnum’.

domain_id

ID of the domain in which trustees for clusters are created. Defaults to $facts['os_service_default'].

domain_admin

Keystone domain admin user which will be created. Defaults to ‘magnum_admin’.

domain_admin_id

ID of the admin with roles sufficient to manage users in the trustee_domain. Defaults to $facts['os_service_default'].

domain_admin_domain_name

Name of the domain admin user’s domain. Defaults to $domain_name.

domain_admin_domain_id

ID of the domain admin user’s domain. Defaults to $facts['os_service_default'].

domain_admin_email

Keystone domain admin user email address. Defaults to ‘magnum_admin@localhost’.

domain_password

Keystone domain admin user password. Required when manage_user is true. Defaults to ‘changeme’.

roles

The roles which are delegated to the trustee by the trustor. Defaults to $facts['os_service_default'].

keystone_interface

Auth interface used by instances/trustee. Defaults to ‘public’.

keystone_region_name

Region in the Identity service catalog to use for communication with the OpenStack service. Defaults to $facts['os_service_default'].

manage_domain

Whether to manage the domain creation. If using the default domain, it needs to be false because puppet-keystone can already manage it. Defaults to ‘true’.

manage_user

Whether to manage the user creation. Defaults to ‘true’.

manage_role

Whether to manage the user role creation. Defaults to ‘true’.

Parameters:

  • cluster_user_trust (Any) (defaults to: $facts['os_service_default'])
  • domain_name (Any) (defaults to: 'magnum')
  • domain_id (Any) (defaults to: $facts['os_service_default'])
  • domain_admin (Any) (defaults to: 'magnum_admin')
  • domain_admin_id (Any) (defaults to: $facts['os_service_default'])
  • domain_admin_email (Any) (defaults to: 'magnum_admin@localhost')
  • domain_password (Any) (defaults to: undef)
  • domain_admin_domain_name (Any) (defaults to: $facts['os_service_default'])
  • domain_admin_domain_id (Any) (defaults to: $facts['os_service_default'])
  • roles (Any) (defaults to: $facts['os_service_default'])
  • keystone_interface (Any) (defaults to: 'public')
  • keystone_region_name (Any) (defaults to: $facts['os_service_default'])
  • manage_domain (Boolean) (defaults to: true)
  • manage_user (Boolean) (defaults to: true)
  • manage_role (Boolean) (defaults to: true)


# File 'manifests/keystone/domain.pp', line 71

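class magnum::keystone::domain (
  $cluster_user_trust       = $facts['os_service_default'],
  $domain_name              = 'magnum',
  $domain_id                = $facts['os_service_default'],
  $domain_admin             = 'magnum_admin',
  $domain_admin_id          = $facts['os_service_default'],
  $domain_admin_email       = 'magnum_admin@localhost',
  # There is no built-in default password: a value must be supplied whenever
  # $manage_user is true (enforced by the fail() guard in the class body).
  $domain_password          = undef,
  $domain_admin_domain_name = $facts['os_service_default'],
  $domain_admin_domain_id   = $facts['os_service_default'],
  $roles                    = $facts['os_service_default'],
  $keystone_interface       = 'public',
  $keystone_region_name     = $facts['os_service_default'],
  Boolean $manage_domain    = true,
  Boolean $manage_user      = true,
  Boolean $manage_role      = true,
) {
  # Declares the Keystone domain, domain admin user and role assignment used
  # by magnum for cluster trustees (each one optional via its manage_* flag),
  # then writes the matching [trust] options through magnum_config.

  include magnum::deps
  include magnum::params

  # Skip when the domain is declared elsewhere (for example the default
  # domain already handled by puppet-keystone).
  if $manage_domain {
    ensure_resource('keystone_domain', $domain_name, {
      'ensure'  => 'present',
      'enabled' => true,
    })
  }

  if $manage_user {
    # Refuse to create the domain admin without a usable password. The empty
    # string is rejected as well as undef: pick() further down skips empty
    # strings, so an empty value would create the Keystone user with an empty
    # password while trust/trustee_domain_admin_password stayed at the
    # service default.
    if $domain_password == undef or $domain_password == '' {
      fail('domain_password is required when managing the domain user')
    }

    # NOTE(review): the password is handed to keystone_user as a plain value;
    # whether it is redacted in reports and logs depends on that type --
    # confirm, and consider passing a Sensitive value if the type accepts one.
    ensure_resource('keystone_user', "${domain_admin}::${domain_name}", {
      'ensure'   => 'present',
      'enabled'  => true,
      'email'    => $domain_admin_email,
      'password' => $domain_password,
    })
  }

  if $manage_role {
    # Grants the 'admin' role to the domain admin user. The '@::<domain>'
    # part of the title scopes the assignment to the domain itself rather
    # than to a project.
    ensure_resource('keystone_user_role', "${domain_admin}::${domain_name}@::${domain_name}", {
      'roles' => ['admin'],
    })
  }

  # When no password was given (only reachable with $manage_user false), fall
  # back to the service-default marker so the option is left unset.
  $domain_password_real = pick($domain_password, $facts['os_service_default'])

  magnum_config {
    'trust/cluster_user_trust':                value => $cluster_user_trust;
    'trust/trustee_domain_name':               value => $domain_name;
    'trust/trustee_domain_id':                 value => $domain_id;
    'trust/trustee_domain_admin_name':         value => $domain_admin;
    'trust/trustee_domain_admin_id':           value => $domain_admin_id;
    'trust/trustee_domain_admin_domain_name':  value => $domain_admin_domain_name;
    'trust/trustee_domain_admin_domain_id':    value => $domain_admin_domain_id;
    # secret => true keeps the password value out of Puppet's change logs.
    'trust/trustee_domain_admin_password':     value => $domain_password_real, secret => true;
    'trust/roles':                             value => $roles;
    'trust/trustee_keystone_interface':        value => $keystone_interface;
    'trust/trustee_keystone_region_name':      value => $keystone_region_name;
  }

}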