Puppet Class: swift::keystone::auth
- Defined in:
- manifests/keystone/auth.pp
Overview
Class: swift::keystone::auth
This class creates keystone users, services, endpoints, and roles for swift services.
The user is given the admin role in the services tenant.
Parameters:
- auth_name
-
String. The name of the user. Optional. Defaults to ‘swift’.
- password
-
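String. The user’s password. Optional. Defaults to ‘swift_password’. Relying on this default is deprecated: the class logs a warning when password is unset, so set it explicitly.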
- tenant
-
(Optional) The tenant to use for the swift service user. Defaults to ‘services’.
- roles
-
(Optional) List of roles assigned to the swift user. Defaults to [‘admin’].
- system_scope
-
(Optional) Scope for system operations. Defaults to ‘all’
- system_roles
-
(Optional) List of system roles assigned to swift user. Defaults to []
- email
-
(Optional) The email address for the swift service user. Defaults to ‘swift@localhost’.
- region
-
(Optional) The region in which to place the endpoints. Defaults to ‘RegionOne’.
- operator_roles
-
(Optional) Array of strings. List of roles Swift considers as admin. Defaults to [‘admin’, ‘SwiftOperator’].
- configure_endpoint
-
(optional) Whether to create the endpoint. Defaults to true
- configure_s3_endpoint
-
(optional) Whether to create the S3 endpoint. Defaults to true
- configure_user
-
(Optional) Whether to create the service user. Defaults to ‘true’.
- configure_user_role
-
(Optional) Whether to configure the admin role for the service user. Defaults to ‘true’.
- service_name
-
(optional) Name of the service. Defaults to ‘swift’
- service_name_s3
-
(optional) Name of the s3 service. Defaults to ‘swift_s3’
- service_type
-
(Optional) Type of service. Defaults to ‘object-store’.
- service_type_s3
-
(Optional) Type of s3 service. Defaults to ‘s3’.
- service_description
-
(optional) Description for keystone service. Defaults to ‘OpenStack Object-Store Service’.
- service_description_s3
-
(optional) Description for keystone s3 service. Defaults to ‘OpenStack S3 Service’.
- public_url
-
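(optional) The endpoint’s public url. (Defaults to ‘http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s’) This url should not contain any trailing ‘/’. The default is plain HTTP on the loopback address, so set the deployment’s real endpoint here.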
- admin_url
-
(optional) The endpoint’s admin url. (Defaults to ‘http://127.0.0.1:8080’) This url should not contain any trailing ‘/’.
- internal_url
-
(optional) The endpoint’s internal url. (Defaults to ‘http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s’) This url should not contain any trailing ‘/’.
- public_url_s3
-
(optional) The S3 endpoint’s public url. (Defaults to ‘http://127.0.0.1:8080’) This url should not contain any trailing ‘/’.
- admin_url_s3
-
(optional) The S3 endpoint’s admin url. (Defaults to ‘http://127.0.0.1:8080’) This url should not contain any trailing ‘/’.
- internal_url_s3
-
(optional) The S3 endpoint’s internal url. (Defaults to ‘http://127.0.0.1:8080’) This url should not contain any trailing ‘/’.
# File 'manifests/keystone/auth.pp', line 110
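# Declares the Keystone service identities (user, roles, services, endpoints)
# for Swift and its S3 API, plus the operator roles Swift treats as admin.
#
# Security notes:
# - When $password is left undef the class falls back to the literal
#   'swift_password' and only logs a deprecation warning. With the default
#   $roles of ['admin'] that account holds the admin role in $tenant, so
#   callers should always pass an explicit, secret password.
# - Every endpoint URL defaults to plain http:// on 127.0.0.1; override the
#   *_url parameters with the real endpoints of the deployment.
class swift::keystone::auth(
  $auth_name              = 'swift',
  $password               = undef,
  $tenant                 = 'services',
  $roles                  = ['admin'],
  $system_scope           = 'all',
  $system_roles           = [],
  $email                  = 'swift@localhost',
  $region                 = 'RegionOne',
  $operator_roles         = ['admin', 'SwiftOperator'],
  $service_name           = 'swift',
  $service_name_s3        = 'swift_s3',
  $service_type           = 'object-store',
  $service_type_s3        = 's3',
  $service_description    = 'OpenStack Object-Store Service',
  $service_description_s3 = 'OpenStack S3 Service',
  $configure_endpoint     = true,
  $configure_s3_endpoint  = true,
  $configure_user         = true,
  $configure_user_role    = true,
  $public_url             = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
  $admin_url              = 'http://127.0.0.1:8080',
  $internal_url           = 'http://127.0.0.1:8080/v1/AUTH_%(tenant_id)s',
  $public_url_s3          = 'http://127.0.0.1:8080',
  $admin_url_s3           = 'http://127.0.0.1:8080',
  $internal_url_s3        = 'http://127.0.0.1:8080',
) {

  include swift::deps

  # Deprecated fallback: an unset password resolves to a fixed, publicly
  # documented value. The message is a single one-line literal because a
  # single-quoted Puppet string keeps a backslash and a line break verbatim,
  # which previously leaked " \<newline>" into the logged warning.
  if $password == undef {
    warning('Usage of the default password is deprecated and will be removed in a future release. Please set password parameter')
    $password_real = 'swift_password'
  } else {
    $password_real = $password
  }

  # Both service_identity declarations below take their service_name from
  # these two parameters, so identical names are rejected up front.
  if $service_name == $service_name_s3 {
    fail('swift::keystone::auth parameters service_name and service_name_s3 must be different.')
  }

  # Order each managed endpoint before the swift::service::end anchor.
  if $configure_endpoint {
    Keystone_endpoint["${region}/${service_name}::${service_type}"] -> Anchor['swift::service::end']
  }

  if $configure_s3_endpoint {
    Keystone_endpoint["${region}/${service_name_s3}::${service_type_s3}"] -> Anchor['swift::service::end']
  }

  # Object-store identity: user, role assignment and endpoint are each gated
  # by their configure_* flag; the password passed on is the resolved one.
  keystone::resource::service_identity { 'swift':
    configure_endpoint  => $configure_endpoint,
    configure_user      => $configure_user,
    configure_user_role => $configure_user_role,
    service_name        => $service_name,
    service_type        => $service_type,
    service_description => $service_description,
    region              => $region,
    auth_name           => $auth_name,
    password            => $password_real,
    email               => $email,
    tenant              => $tenant,
    roles               => $roles,
    system_scope        => $system_scope,
    system_roles        => $system_roles,
    public_url          => $public_url,
    admin_url           => $admin_url,
    internal_url        => $internal_url,
  }

  # S3 identity: never creates a user or role assignment; the service and its
  # endpoint are both switched by $configure_s3_endpoint.
  keystone::resource::service_identity { 'swift_s3':
    configure_user      => false,
    configure_user_role => false,
    configure_endpoint  => $configure_s3_endpoint,
    configure_service   => $configure_s3_endpoint,
    service_name        => $service_name_s3,
    service_type        => $service_type_s3,
    service_description => $service_description_s3,
    region              => $region,
    public_url          => $public_url_s3,
    admin_url           => $admin_url_s3,
    internal_url        => $internal_url_s3,
  }

  if $operator_roles {
    # Roles like "admin" may be defined elsewhere, so use ensure_resource
    # to avoid a duplicate keystone_role declaration.
    ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
  }
}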