2 # This class implements some reasonable admin defaults for keystone.
4 # It creates the following keystone objects:
5 # * service tenant (tenant used by all service users)
6 # * "admin" tenant (defaults to "openstack")
7 # * admin user (that defaults to the "admin" tenant)
9 # * adds admin role to admin user on the "admin" tenant
13 # [email] The email address for the admin. Required.
14 # [password] The admin password. Required.
15 # [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
16 # [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
17 # [admin] Admin user. Optional. Defaults to admin.
18 # [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
19 # [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
20 # [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
21 # [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
22 # [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
28 # Dan Bode dan@puppetlabs.com
32 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
34 class keystone::roles::admin(
38 $admin_tenant = 'openstack',
39 $admin_roles = ['admin'],
40 $service_tenant = 'services',
41 $ignore_default_tenant = false,
42 $admin_tenant_desc = 'admin tenant',
43 $service_tenant_desc = 'Tenant for the openstack services',
44 $configure_user = true,
45 $configure_user_role = true,
46 $validate_cacert = undef,
49 keystone_tenant { $service_tenant:
52 description => $service_tenant_desc,
53 os_cacert => $validate_cacert,
55 keystone_tenant { $admin_tenant:
58 description => $admin_tenant_desc,
59 os_cacert => $validate_cacert,
61 keystone_role { 'admin':
66 keystone_user { $admin:
69 tenant => $admin_tenant,
71 password => $password,
72 ignore_default_tenant => $ignore_default_tenant,
76 if $configure_user_role {
77 keystone_user_role { "${admin}@${admin_tenant}":
79 roles => $admin_roles,