Refactor keystone service and endpoint to be more like other puppet modules

Also provide adminProjectName which is necessary if authenticating monasca-api via username/password with keystone middleware. Change-Id: Idf676ab0e8db0e612376121efcb3cabe54245c0c
2016-01-22 08:45:07 -07:00 · 2016-01-22 08:45:07 -07:00 · 86edf5d18c
parent 639b9a3133
commit 86edf5d18c
4 changed files with 43 additions and 38 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -111,6 +111,7 @@ class monasca::api (

  #Variables for the template
  $admin_password = $::monasca::params::admin_password
+  $admin_project_name = $::monasca::params::admin_project_name
  $admin_name = $::monasca::params::admin_name
  $auth_method = $::monasca::params::auth_method
  $sql_host = $::monasca::params::sql_host
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@ -184,12 +184,6 @@ class monasca::keystone::auth (
  }

  if $configure_user {
-    keystone_user { $admin_name:
-      ensure   => present,
-      password => $admin_password,
-      email    => $admin_email,
-      before   => Service['monasca-agent'],
-    }
    keystone_user { $agent_name:
      ensure   => present,
      password => $agent_password,
@ -251,11 +245,6 @@ class monasca::keystone::auth (
      require => $real_user_roles_agent,
      before  => Service['monasca-agent'],
    }
-    keystone_user_role { "${admin_name}@${tenant}":
-      ensure => present,
-      roles  => $real_user_roles_admin,
-      before => Service['monasca-agent'],
-    }
    keystone_user_role { "${user_name}@${tenant}":
      ensure  => present,
      roles   => [$role_user],
@ -264,17 +253,26 @@ class monasca::keystone::auth (
    }
  }

-  keystone_service { "${real_service_name}::${service_type}":
-    ensure      => present,
-    type        => $service_type,
-    description => $service_description,
+  keystone::resource::service_identity { 'Monasca Service':
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
+    configure_endpoint  => $configure_endpoint,
+    service_type        => $service_type,
+    service_description => $service_description,
+    service_name        => $real_service_name,
+    region              => $region,
+    roles               => $real_user_roles_admin,
+    auth_name           => $admin_name,
+    password            => $admin_password,
+    email               => $admin_email,
+    tenant              => $tenant,
+    public_url          => $public_url_real,
+    admin_url           => $admin_url_real,
+    internal_url        => $internal_url_real,
  }
+
  if $configure_endpoint {
-    keystone_endpoint { "${region}/${real_service_name}::${service_type}":
-      ensure       => present,
-      public_url   => $public_url_real,
-      admin_url    => $admin_url_real,
-      internal_url => $internal_url_real,
-    }
+    Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~>
+      Service <| name == 'monasca-api' |>
  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -35,6 +35,9 @@
 # [*admin_password*]
 #   password for the monasca admin user
 #
+# [*admin_project_name*]
+#   project name for the monasca admin user
+#
 # [*agent_password*]
 #   password for the monasca agent user
 #
@ -60,23 +63,24 @@
 #   password for the monasca persister database user
 #
 class monasca::params(
-    $api_db_user      = 'mon_api',
-    $api_db_password  = undef,
-    $port             = '8070',
-    $api_version      = 'v2.0',
-    $region           = 'RegionOne',
-    $admin_name       = 'monasca-admin',
-    $agent_name       = 'monasca-agent',
-    $user_name        = 'monasca-user',
-    $auth_method      = 'token',
-    $admin_password   = undef,
-    $agent_password   = undef,
-    $user_password    = undef,
-    $sql_host         = undef,
-    $sql_user         = undef,
-    $sql_password     = undef,
-    $pers_db_user     = 'mon_persister',
-    $pers_db_password = undef,
+    $api_db_user        = 'mon_api',
+    $api_db_password    = undef,
+    $port               = '8070',
+    $api_version        = 'v2.0',
+    $region             = 'RegionOne',
+    $admin_name         = 'monasca-admin',
+    $agent_name         = 'monasca-agent',
+    $user_name          = 'monasca-user',
+    $auth_method        = 'token',
+    $admin_password     = undef,
+    $admin_project_name = undef,
+    $agent_password     = undef,
+    $user_password      = undef,
+    $sql_host           = undef,
+    $sql_user           = undef,
+    $sql_password       = undef,
+    $pers_db_user       = 'mon_persister',
+    $pers_db_password   = undef,
    $persister_config_defaults = {
      'admin_port'         => 8091,
      'application_port'   => 8090,
@ -86,6 +90,7 @@ class monasca::params(
    }
 ) {
  validate_string($admin_password)
+  validate_string($admin_project_name)
  validate_string($user_password)
  validate_string($agent_password)
  validate_string($sql_password)
--- a/templates/api-config.yml.erb
+++ b/templates/api-config.yml.erb
@ -71,6 +71,7 @@ middleware:
  adminAuthMethod: <%= @auth_method %>
  adminUser: <%= @admin_name %>
  adminPassword: <%= @admin_password %>
+  adminProjectName: <%= @admin_project_name %>
  adminToken: <%= @keystone_admin_token %>
  timeToCacheToken: 600
  maxTokenCacheSize: 1048576