1 # == Class: keystone::roles::admin
3 # This class implements some reasonable admin defaults for keystone.
5 # It creates the following keystone objects:
6 # * service tenant (tenant used by all service users)
7 # * "admin" tenant (defaults to "openstack")
8 # * admin user (that defaults to the "admin" tenant)
10 # * adds admin role to admin user on the "admin" tenant
15 # The email address for the admin. Required.
18 # The admin password. Required.
21 # The list of the roles with admin privileges. Optional.
22 # Defaults to ['admin'].
25 # The name of the tenant to be used for admin privileges. Optional.
26 # Defaults to openstack.
29 # The name of service keystone tenant. Optional.
30 # Defaults to 'services'.
33 # Admin user. Optional.
36 # [*ignore_default_tenant*]
37 # Ignore setting the default tenant value when the user is created. Optional.
40 # [*admin_tenant_desc*]
41 # Optional. Description for admin tenant,
42 # Defaults to 'admin tenant'
44 # [*service_tenant_desc*]
45 # Optional. Description for admin tenant,
46 # Defaults to 'Tenant for the openstack services'
49 # Optional. Should the admin user be created?
52 # [*configure_user_role*]
53 # Optional. Should the admin role be configured for the admin user?
60 # Dan Bode dan@puppetlabs.com
64 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
66 class keystone::roles::admin(
70 $admin_tenant = 'openstack',
71 $admin_roles = ['admin'],
72 $service_tenant = 'services',
73 $ignore_default_tenant = false,
74 $admin_tenant_desc = 'admin tenant',
75 $service_tenant_desc = 'Tenant for the openstack services',
76 $configure_user = true,
77 $configure_user_role = true,
80 keystone_tenant { $service_tenant:
83 description => $service_tenant_desc,
85 keystone_tenant { $admin_tenant:
88 description => $admin_tenant_desc,
90 keystone_role { 'admin':
95 keystone_user { $admin:
98 tenant => $admin_tenant,
100 password => $password,
101 ignore_default_tenant => $ignore_default_tenant,
105 if $configure_user_role {
106 keystone_user_role { "${admin}@${admin_tenant}":
108 roles => $admin_roles,