Puppet Class: swift::keystone::auth

Defined in:
manifests/keystone/auth.pp

Overview

Class: swift::keystone::auth

This class creates keystone users, services, endpoints, and roles for swift services.

The user is given the admin role in the tenant named by the tenant parameter (the services tenant by default).

Parameters

auth_name

String. The name of the user. Optional. Defaults to ‘swift’.

password

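String. The user’s password. Optional. Defaults to ‘swift_password’. This default is a published placeholder rather than a secret; because the user is granted the admin role, set a unique value in any real deployment.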

operator_roles

Array of strings. List of roles Swift considers as admin.

Parameters:

  • auth_name (Any) (defaults to: 'swift')
  • password (Any) (defaults to: 'swift_password')
  • port (Any) (defaults to: '8080')
  • tenant (Any) (defaults to: 'services')
  • email (Any) (defaults to: 'swift@localhost')
  • region (Any) (defaults to: 'RegionOne')
  • operator_roles (Any) (defaults to: ['admin', 'SwiftOperator'])
  • public_protocol (Any) (defaults to: 'http')
  • public_address (Any) (defaults to: '127.0.0.1')
  • public_port (Any) (defaults to: undef)
  • admin_protocol (Any) (defaults to: 'http')
  • admin_address (Any) (defaults to: undef)
  • internal_protocol (Any) (defaults to: 'http')
  • internal_address (Any) (defaults to: undef)
  • configure_endpoint (Any) (defaults to: true)
  • configure_s3_endpoint (Any) (defaults to: true)
  • endpoint_prefix (Any) (defaults to: 'AUTH')


# File 'manifests/keystone/auth.pp', line 20

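class swift::keystone::auth(
  $auth_name              = 'swift',
  # Published placeholder, not a secret: override it in every real deployment.
  $password               = 'swift_password',
  $port                   = '8080',
  $tenant                 = 'services',
  $email                  = 'swift@localhost',
  $region                 = 'RegionOne',
  $operator_roles         = ['admin', 'SwiftOperator'],
  # The *_protocol values become the scheme of the endpoint URLs registered
  # below, so the 'http' defaults publish plaintext URLs in the catalog.
  $public_protocol        = 'http',
  $public_address         = '127.0.0.1',
  $public_port            = undef,
  $admin_protocol         = 'http',
  $admin_address          = undef,
  $internal_protocol      = 'http',
  $internal_address       = undef,
  $configure_endpoint     = true,
  $configure_s3_endpoint  = true,
  $endpoint_prefix        = 'AUTH',
) {
  # Declares the Keystone user, its admin role assignment, the object-store
  # service and endpoint, an optional s3 service and endpoint, and the roles
  # listed in $operator_roles.

  # The account created here receives the 'admin' role, so running with the
  # documented default password leaves a privileged credential that anyone who
  # has read this module can guess. Surface that on the Puppet server log
  # without changing the catalog.
  if $password == 'swift_password' {
    warning('swift::keystone::auth: password is still the published default; set a unique value')
  }

  # Optional values fall back to the generic ones: the public port to $port,
  # the admin and internal addresses to $public_address.
  if ! $public_port {
    $real_public_port = $port
  } else {
    $real_public_port = $public_port
  }
  if ! $admin_address {
    $real_admin_address = $public_address
  } else {
    $real_admin_address = $admin_address
  }
  if ! $internal_address {
    $real_internal_address = $public_address
  } else {
    $real_internal_address = $internal_address
  }

  keystone_user { $auth_name:
    ensure   => present,
    password => $password,
    email    => $email,
    tenant   => $tenant,
  }
  # The role granted to the service user is fixed to 'admin' here; it does not
  # depend on $operator_roles.
  keystone_user_role { "${auth_name}@${tenant}":
    ensure  => present,
    roles   => 'admin',
    require => Keystone_user[$auth_name],
  }

  keystone_service { $auth_name:
    ensure      => present,
    type        => 'object-store',
    description => 'Openstack Object-Store Service',
  }

  if $configure_endpoint {
    # Only the public URL uses $real_public_port; the admin and internal URLs
    # always use $port. '%(tenant_id)s' is passed through literally.
    keystone_endpoint { "${region}/${auth_name}":
      ensure       => present,
      public_url   => "${public_protocol}://${public_address}:${real_public_port}/v1/${endpoint_prefix}_%(tenant_id)s",
      admin_url    => "${admin_protocol}://${real_admin_address}:${port}/",
      internal_url => "${internal_protocol}://${real_internal_address}:${port}/v1/${endpoint_prefix}_%(tenant_id)s",
    }
  }

  if $configure_s3_endpoint {
    keystone_service { "${auth_name}_s3":
      ensure      => present,
      type        => 's3',
      description => 'Openstack S3 Service',
    }

    # Same host and port selection as the object-store endpoint, without a path.
    keystone_endpoint { "${region}/${auth_name}_s3":
      ensure       => present,
      public_url   => "${public_protocol}://${public_address}:${real_public_port}",
      admin_url    => "${admin_protocol}://${real_admin_address}:${port}",
      internal_url => "${internal_protocol}://${real_internal_address}:${port}",
    }
  }

  if $operator_roles {
    # Roles like "admin" may be defined elsewhere, so use ensure_resource
    # instead of a plain declaration to avoid a duplicate-resource error.
    ensure_resource('keystone_role', $operator_roles, { 'ensure' => 'present' })
  }

}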