openstack
/
cookbook-openstack-identity
Code Issues Proposed changes
cookbook-openstack-identity/attributes/default.rb

203 lines
10 KiB
Ruby
Raw Blame History

#
# Cookbook Name:: openstack-identity
# Recipe:: default
#
# Copyright 2012-2013, AT&T Services, Inc.
# Copyright 2013, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default["openstack"]["identity"]["custom_template_banner"] = "
# This file autogenerated by Chef
# Do not edit, changes will be overwritten
"
# Adding these as blank
# this needs to be here for the initial deep-merge to work
default["credentials"]["EC2"]["admin"]["access"] = ""
default["credentials"]["EC2"]["admin"]["secret"] = ""
default["openstack"]["identity"]["db"]["username"] = "keystone"
# Execute database migrations. There are cases where migrations should not be
# executed. For example when upgrading a zone, and the identity database is
# replicated across many zones.
default["openstack"]["identity"]["db"]["migrate"] = true
default["openstack"]["identity"]["verbose"] = "False"
default["openstack"]["identity"]["debug"] = "False"
default["openstack"]["identity"]["service_port"] = "5000"
default["openstack"]["identity"]["admin_port"] = "35357"
default["openstack"]["identity"]["region"] = "RegionOne"
default["openstack"]["identity"]["bind_interface"] = "lo"
# Logging stuff
default["openstack"]["identity"]["syslog"]["use"] = false
default["openstack"]["identity"]["syslog"]["facility"] = "LOG_LOCAL2"
default["openstack"]["identity"]["syslog"]["config_facility"] = "local2"
default["openstack"]["identity"]["admin_user"] = "admin"
default["openstack"]["identity"]["admin_tenant_name"] = "admin"
default["openstack"]["identity"]["users"] = {
default["openstack"]["identity"]["admin_user"] => {
"password" => nil,
"default_tenant" => default["openstack"]["identity"]["admin_tenant_name"],
"roles" => {
"admin" => [ "admin" ],
"KeystoneAdmin" => [ "admin" ],
"KeystoneServiceAdmin" => [ "admin" ]
}
},
"monitoring" => {
"password" => nil,
"default_tenant" => "service",
"roles" => {
"Member" => [ "admin" ]
}
}
}
# PKI signing. Corresponds to the [signing] section of keystone.conf
# Note this section is only written if node["openstack"]["auth"]["straegy"] == "pki"
default["openstack"]["identity"]["signing"]["basedir"] = "/etc/keystone/ssl"
default["openstack"]["identity"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
default["openstack"]["identity"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
default["openstack"]["identity"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
default["openstack"]["identity"]["signing"]["key_size"] = "1024"
default["openstack"]["identity"]["signing"]["valid_days"] = "3650"
default["openstack"]["identity"]["signing"]["ca_password"] = nil
# These switches set the various drivers for the different Keystone components
default["openstack"]["identity"]["identity"]["backend"] = "sql"
default["openstack"]["identity"]["token"]["backend"] = "sql"
default["openstack"]["identity"]["catalog"]["backend"] = "sql"
# LDAP backend general settings
default["openstack"]["identity"]["ldap"]["url"] = "ldap://localhost"
default["openstack"]["identity"]["ldap"]["user"] = "dc=Manager,dc=example,dc=com"
default["openstack"]["identity"]["ldap"]["password"] = nil
default["openstack"]["identity"]["ldap"]["suffix"] = "cn=example,cn=com"
default["openstack"]["identity"]["ldap"]["use_dumb_member"] = false
default["openstack"]["identity"]["ldap"]["allow_subtree_delete"] = false
default["openstack"]["identity"]["ldap"]["dumb_member"] = "cn=dumb,dc=example,dc=com"
default["openstack"]["identity"]["ldap"]["page_size"] = 0
default["openstack"]["identity"]["ldap"]["alias_dereferencing"] = "default"
default["openstack"]["identity"]["ldap"]["query_scope"] = "one"
# LDAP backend user related settings
default["openstack"]["identity"]["ldap"]["user_tree_dn"] = nil
default["openstack"]["identity"]["ldap"]["user_filter"] = nil
default["openstack"]["identity"]["ldap"]["user_objectclass"] = "inetOrgPerson"
default["openstack"]["identity"]["ldap"]["user_id_attribute"] = "cn"
default["openstack"]["identity"]["ldap"]["user_name_attribute"] = "sn"
default["openstack"]["identity"]["ldap"]["user_mail_attribute"] = "email"
default["openstack"]["identity"]["ldap"]["user_pass_attribute"] = "userPassword"
default["openstack"]["identity"]["ldap"]["user_enabled_attribute"] = "enabled"
default["openstack"]["identity"]["ldap"]["user_domain_id_attribute"] = "businessCategory"
default["openstack"]["identity"]["ldap"]["user_enabled_mask"] = 0
default["openstack"]["identity"]["ldap"]["user_enabled_default"] = "true"
default["openstack"]["identity"]["ldap"]["user_attribute_ignore"] = "tenant_id,tenants"
default["openstack"]["identity"]["ldap"]["user_allow_create"] = true
default["openstack"]["identity"]["ldap"]["user_allow_update"] = true
default["openstack"]["identity"]["ldap"]["user_allow_delete"] = true
default["openstack"]["identity"]["ldap"]["user_enabled_emulation"] = false
default["openstack"]["identity"]["ldap"]["user_enabled_emulation_dn"] = nil
# LDAP backend tenant related settings
default["openstack"]["identity"]["ldap"]["tenant_tree_dn"] = nil
default["openstack"]["identity"]["ldap"]["tenant_filter"] = nil
default["openstack"]["identity"]["ldap"]["tenant_objectclass"] = "groupOfNames"
default["openstack"]["identity"]["ldap"]["tenant_id_attribute"] = "cn"
default["openstack"]["identity"]["ldap"]["tenant_member_attribute"] = "member"
default["openstack"]["identity"]["ldap"]["tenant_name_attribute"] = "ou"
default["openstack"]["identity"]["ldap"]["tenant_desc_attribute"] = "description"
default["openstack"]["identity"]["ldap"]["tenant_enabled_attribute"] = "enabled"
default["openstack"]["identity"]["ldap"]["tenant_domain_id_attribute"] = "businessCategory"
default["openstack"]["identity"]["ldap"]["tenant_attribute_ignore"] = nil
default["openstack"]["identity"]["ldap"]["tenant_allow_create"] = true
default["openstack"]["identity"]["ldap"]["tenant_allow_update"] = true
default["openstack"]["identity"]["ldap"]["tenant_allow_delete"] = true
default["openstack"]["identity"]["ldap"]["tenant_enabled_emulation"] = false
default["openstack"]["identity"]["ldap"]["tenant_enabled_emulation_dn"] = nil
# LDAP backend role related settings
default["openstack"]["identity"]["ldap"]["role_tree_dn"] = nil
default["openstack"]["identity"]["ldap"]["role_filter"] = nil
default["openstack"]["identity"]["ldap"]["role_objectclass"] = "organizationalRole"
default["openstack"]["identity"]["ldap"]["role_id_attribute"] = "cn"
default["openstack"]["identity"]["ldap"]["role_name_attribute"] = "ou"
default["openstack"]["identity"]["ldap"]["role_member_attribute"] = "roleOccupant"
default["openstack"]["identity"]["ldap"]["role_attribute_ignore"] = nil
default["openstack"]["identity"]["ldap"]["role_allow_create"] = true
default["openstack"]["identity"]["ldap"]["role_allow_update"] = true
default["openstack"]["identity"]["ldap"]["role_allow_delete"] = true
# LDAP backend group related settings
default["openstack"]["identity"]["ldap"]["group_tree_dn"] = nil
default["openstack"]["identity"]["ldap"]["group_filter"] = nil
default["openstack"]["identity"]["ldap"]["group_objectclass"] = "groupOfNames"
default["openstack"]["identity"]["ldap"]["group_id_attribute"] = "cn"
default["openstack"]["identity"]["ldap"]["group_name_attribute"] = "ou"
default["openstack"]["identity"]["ldap"]["group_member_attribute"] = "member"
default["openstack"]["identity"]["ldap"]["group_desc_attribute"] = "description"
default["openstack"]["identity"]["ldap"]["group_domain_id_attribute"] = "businessCategory"
default["openstack"]["identity"]["ldap"]["group_attribute_ignore"] = nil
default["openstack"]["identity"]["ldap"]["group_allow_create"] = true
default["openstack"]["identity"]["ldap"]["group_allow_update"] = true
default["openstack"]["identity"]["ldap"]["group_allow_delete"] = true
# platform defaults
case platform
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
default["openstack"]["identity"]["user"] = "keystone"
default["openstack"]["identity"]["group"] = "keystone"
default["openstack"]["identity"]["platform"] = {
"mysql_python_packages" => [ "MySQL-python" ],
"postgresql_python_packages" => [ "python-psycopg2" ],
"memcache_python_packages" => [ "python-memcached" ],
"keystone_packages" => [ "openstack-keystone" ],
"keystone_service" => "openstack-keystone",
"keystone_process_name" => "keystone-all",
"package_options" => ""
}
when "suse"
default["openstack"]["identity"]["user"] = "openstack-keystone"
default["openstack"]["identity"]["group"] = "openstack-keystone"
default["openstack"]["identity"]["platform"] = {
"mysql_python_packages" => [ "python-mysql" ],
"postgresql_python_packages" => [ "python-psycopg2" ],
"memcache_python_packages" => [ "python-python-memcached" ],
"keystone_packages" => [ "openstack-keystone" ],
"keystone_service" => "openstack-keystone",
"keystone_process_name" => "keystone-all",
"package_options" => ""
}
when "ubuntu"
default["openstack"]["identity"]["user"] = "keystone"
default["openstack"]["identity"]["group"] = "keystone"
default["openstack"]["identity"]["platform"] = {
"mysql_python_packages" => [ "python-mysqldb" ],
"postgresql_python_packages" => [ "python-psycopg2" ],
"memcache_python_packages" => [ "python-memcache" ],
"keystone_packages" => [ "keystone" ],
"keystone_service" => "keystone",
"keystone_process_name" => "keystone-all",
"package_options" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
}
end
View Git Blame Copy Permalink