Refactor keystone service and endpoint to be more like other puppet modules
Also provide adminProjectName which is necessary if authenticating monasca-api via username/password with keystone middleware. Change-Id: Idf676ab0e8db0e612376121efcb3cabe54245c0c
This commit is contained in:
parent
639b9a3133
commit
86edf5d18c
|
@ -111,6 +111,7 @@ class monasca::api (
|
|||
|
||||
#Variables for the template
|
||||
$admin_password = $::monasca::params::admin_password
|
||||
$admin_project_name = $::monasca::params::admin_project_name
|
||||
$admin_name = $::monasca::params::admin_name
|
||||
$auth_method = $::monasca::params::auth_method
|
||||
$sql_host = $::monasca::params::sql_host
|
||||
|
|
|
@ -184,12 +184,6 @@ class monasca::keystone::auth (
|
|||
}
|
||||
|
||||
if $configure_user {
|
||||
keystone_user { $admin_name:
|
||||
ensure => present,
|
||||
password => $admin_password,
|
||||
email => $admin_email,
|
||||
before => Service['monasca-agent'],
|
||||
}
|
||||
keystone_user { $agent_name:
|
||||
ensure => present,
|
||||
password => $agent_password,
|
||||
|
@ -251,11 +245,6 @@ class monasca::keystone::auth (
|
|||
require => $real_user_roles_agent,
|
||||
before => Service['monasca-agent'],
|
||||
}
|
||||
keystone_user_role { "${admin_name}@${tenant}":
|
||||
ensure => present,
|
||||
roles => $real_user_roles_admin,
|
||||
before => Service['monasca-agent'],
|
||||
}
|
||||
keystone_user_role { "${user_name}@${tenant}":
|
||||
ensure => present,
|
||||
roles => [$role_user],
|
||||
|
@ -264,17 +253,26 @@ class monasca::keystone::auth (
|
|||
}
|
||||
}
|
||||
|
||||
keystone_service { "${real_service_name}::${service_type}":
|
||||
ensure => present,
|
||||
type => $service_type,
|
||||
description => $service_description,
|
||||
keystone::resource::service_identity { 'Monasca Service':
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
configure_endpoint => $configure_endpoint,
|
||||
service_type => $service_type,
|
||||
service_description => $service_description,
|
||||
service_name => $real_service_name,
|
||||
region => $region,
|
||||
roles => $real_user_roles_admin,
|
||||
auth_name => $admin_name,
|
||||
password => $admin_password,
|
||||
email => $admin_email,
|
||||
tenant => $tenant,
|
||||
public_url => $public_url_real,
|
||||
admin_url => $admin_url_real,
|
||||
internal_url => $internal_url_real,
|
||||
}
|
||||
|
||||
if $configure_endpoint {
|
||||
keystone_endpoint { "${region}/${real_service_name}::${service_type}":
|
||||
ensure => present,
|
||||
public_url => $public_url_real,
|
||||
admin_url => $admin_url_real,
|
||||
internal_url => $internal_url_real,
|
||||
}
|
||||
Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~>
|
||||
Service <| name == 'monasca-api' |>
|
||||
}
|
||||
}
|
||||
|
|
|
@ -35,6 +35,9 @@
|
|||
# [*admin_password*]
|
||||
# password for the monasca admin user
|
||||
#
|
||||
# [*admin_project_name*]
|
||||
# project name for the monasca admin user
|
||||
#
|
||||
# [*agent_password*]
|
||||
# password for the monasca agent user
|
||||
#
|
||||
|
@ -60,23 +63,24 @@
|
|||
# password for the monasca persister database user
|
||||
#
|
||||
class monasca::params(
|
||||
$api_db_user = 'mon_api',
|
||||
$api_db_password = undef,
|
||||
$port = '8070',
|
||||
$api_version = 'v2.0',
|
||||
$region = 'RegionOne',
|
||||
$admin_name = 'monasca-admin',
|
||||
$agent_name = 'monasca-agent',
|
||||
$user_name = 'monasca-user',
|
||||
$auth_method = 'token',
|
||||
$admin_password = undef,
|
||||
$agent_password = undef,
|
||||
$user_password = undef,
|
||||
$sql_host = undef,
|
||||
$sql_user = undef,
|
||||
$sql_password = undef,
|
||||
$pers_db_user = 'mon_persister',
|
||||
$pers_db_password = undef,
|
||||
$api_db_user = 'mon_api',
|
||||
$api_db_password = undef,
|
||||
$port = '8070',
|
||||
$api_version = 'v2.0',
|
||||
$region = 'RegionOne',
|
||||
$admin_name = 'monasca-admin',
|
||||
$agent_name = 'monasca-agent',
|
||||
$user_name = 'monasca-user',
|
||||
$auth_method = 'token',
|
||||
$admin_password = undef,
|
||||
$admin_project_name = undef,
|
||||
$agent_password = undef,
|
||||
$user_password = undef,
|
||||
$sql_host = undef,
|
||||
$sql_user = undef,
|
||||
$sql_password = undef,
|
||||
$pers_db_user = 'mon_persister',
|
||||
$pers_db_password = undef,
|
||||
$persister_config_defaults = {
|
||||
'admin_port' => 8091,
|
||||
'application_port' => 8090,
|
||||
|
@ -86,6 +90,7 @@ class monasca::params(
|
|||
}
|
||||
) {
|
||||
validate_string($admin_password)
|
||||
validate_string($admin_project_name)
|
||||
validate_string($user_password)
|
||||
validate_string($agent_password)
|
||||
validate_string($sql_password)
|
||||
|
|
|
@ -71,6 +71,7 @@ middleware:
|
|||
adminAuthMethod: <%= @auth_method %>
|
||||
adminUser: <%= @admin_name %>
|
||||
adminPassword: <%= @admin_password %>
|
||||
adminProjectName: <%= @admin_project_name %>
|
||||
adminToken: <%= @keystone_admin_token %>
|
||||
timeToCacheToken: 600
|
||||
maxTokenCacheSize: 1048576
|
||||
|
|
Loading…
Reference in New Issue