2 # This class implements some reasonable admin defaults for keystone.
4 # It creates the following keystone objects:
5 # * service tenant (tenant used by all service users)
6 # * "admin" tenant (defaults to "openstack")
7 # * admin user (that defaults to the "admin" tenant)
9 # * adds admin role to admin user on the "admin" tenant
13 # [email] The email address for the admin. Required.
14 # [password] The admin password. Required.
15 # [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
16 # [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
17 # [admin] Admin user. Optional. Defaults to admin.
18 # [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
19 # [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
20 # [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
21 # [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
22 # [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
28 # Dan Bode dan@puppetlabs.com
32 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
34 class keystone::roles::admin(
38 $admin_tenant = 'openstack',
39 $admin_roles = ['admin'],
40 $service_tenant = 'services',
41 $ignore_default_tenant = false,
42 $admin_tenant_desc = 'admin tenant',
43 $service_tenant_desc = 'Tenant for the openstack services',
44 $configure_user = true,
45 $configure_user_role = true,
48 keystone_tenant { $service_tenant:
51 description => $service_tenant_desc,
53 keystone_tenant { $admin_tenant:
56 description => $admin_tenant_desc,
58 keystone_role { 'admin':
63 keystone_user { $admin:
66 tenant => $admin_tenant,
68 password => $password,
69 ignore_default_tenant => $ignore_default_tenant,
73 if $configure_user_role {
74 keystone_user_role { "${admin}@${admin_tenant}":
76 roles => $admin_roles,