Puppet Class: nova::key_manager::barbican
- Defined in:
- manifests/key_manager/barbican.pp
Overview
Class: nova::key_manager::barbican
Setup and configure Barbican Key Manager options
Parameters
- barbican_endpoint
-
(Optional) Use this endpoint to connect to Barbican. Defaults to $facts
- barbican_api_version
-
(Optional) Version of the Barbican API. Defaults to $facts
- auth_endpoint
-
(Optional) Use this endpoint to connect to Keystone. Defaults to $facts
- retry_delay
-
(Optional) Number of seconds to wait before retrying poll for key creation completion. Defaults to $facts
- number_of_retries
-
(Optional) Number of times to retry poll fo key creation completion. Defaults to $facts
- barbican_endpoint_type
-
(Optional) Specifies the type of endpoint. Defaults to $facts
- barbican_region_name
-
(Optional) Specifies the region of the chosen endpoint. Defaults to $facts
- send_service_user_token
-
(Optional) The service uses service token feature when this is set as true. Defaults to $facts
- insecure
-
(Optional) If true, explicitly allow TLS without checking server cert against any certificate authorities. WARNING: not recommended. Use with caution. Defaults to $facts
- cafile
-
(Optional) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to $facts.
- certfile
-
(Optional) Required if identity server requires client certificate Defaults to $facts.
- keyfile
-
(Optional) Required if identity server requires client certificate Defaults to $facts.
- timeout
-
(Optional) Timeout value for connecting to barbican in seconds. Defaults to $facts
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'manifests/key_manager/barbican.pp', line 63
class nova::key_manager::barbican (
$barbican_endpoint = $facts['os_service_default'],
$barbican_api_version = $facts['os_service_default'],
$auth_endpoint = $facts['os_service_default'],
$retry_delay = $facts['os_service_default'],
$number_of_retries = $facts['os_service_default'],
$barbican_endpoint_type = $facts['os_service_default'],
$barbican_region_name = $facts['os_service_default'],
$send_service_user_token = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
) {
include nova::deps
# cryptsetup is required when Barbican is encrypting volumes
stdlib::ensure_packages('cryptsetup', {
ensure => present,
tag => 'openstack',
})
oslo::key_manager::barbican { 'nova_config':
barbican_endpoint => $barbican_endpoint,
barbican_api_version => $barbican_api_version,
auth_endpoint => $auth_endpoint,
retry_delay => $retry_delay,
number_of_retries => $number_of_retries,
barbican_endpoint_type => $barbican_endpoint_type,
barbican_region_name => $barbican_region_name,
send_service_user_token => $send_service_user_token,
insecure => $insecure,
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
timeout => $timeout,
}
}
|