1 # == Class: keystone::roles::admin
3 # This class implements some reasonable admin defaults for keystone.
5 # It creates the following keystone objects:
6 # * service tenant (tenant used by all service users)
7 # * "admin" tenant (defaults to "openstack")
8 # * admin user (that defaults to the "admin" tenant)
10 # * adds admin role to admin user on the "admin" tenant
15 # The email address for the admin. Required.
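18 # The admin password. Required. It is handed to keystone_user unchanged, so supply it from an encrypted data source rather than as a literal in a manifest.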
21 # The list of the roles with admin privileges. Optional.
22 # Defaults to ['admin'].
25 # The name of the tenant to be used for admin privileges. Optional.
26 # Defaults to 'openstack'.
29 # The name of service keystone tenant. Optional.
30 # Defaults to 'services'.
33 # Admin user. Optional.
36 # [*ignore_default_tenant*]
37 # Ignore setting the default tenant value when the user is created. Optional.
40 # [*admin_tenant_desc*]
41 # Optional. Description for admin tenant,
42 # Defaults to 'admin tenant'
44 # [*service_tenant_desc*]
45 # Optional. Description for service tenant,
46 # Defaults to 'Tenant for the openstack services'
49 # Optional. Should the admin user be created?
52 # [*configure_user_role*]
53 # Optional. Should the admin role be configured for the admin user?
56 # [*admin_user_domain*]
57 # Optional. Domain of the admin user
58 # Defaults to undef (undef will resolve to class keystone $default_domain)
60 # [*admin_project_domain*]
61 # Optional. Domain of the admin tenant
62 # Defaults to undef (undef will resolve to class keystone $default_domain)
64 # [*service_project_domain*]
65 # Optional. Domain for $service_tenant
66 # Defaults to undef (undef will resolve to class keystone $default_domain)
72 # Dan Bode dan@puppetlabs.com
76 # Copyright 2012 Puppetlabs Inc, unless otherwise noted.
78 class keystone::roles::admin(
82 $admin_tenant = 'openstack',
83 $admin_roles = ['admin'],
84 $service_tenant = 'services',
85 $ignore_default_tenant = false,
86 $admin_tenant_desc = 'admin tenant',
87 $service_tenant_desc = 'Tenant for the openstack services',
88 $configure_user = true,
89 $configure_user_role = true,
90 $admin_user_domain = undef,
91 $admin_project_domain = undef,
92 $service_project_domain = undef,
95 if $service_project_domain {
96 if $service_project_domain != $admin_user_domain {
97 if $service_project_domain != $admin_project_domain {
98 keystone_domain { $service_project_domain:
106 if $admin_project_domain {
107 if $admin_project_domain != $admin_user_domain {
108 if $service_project_domain != $admin_project_domain {
109 keystone_domain { $admin_project_domain:
117 if $admin_user_domain {
118 if $admin_project_domain != $admin_user_domain {
119 if $service_project_domain != $admin_user_domain {
120 keystone_domain { $admin_user_domain:
128 keystone_tenant { $service_tenant:
131 description => $service_tenant_desc,
132 domain => $service_project_domain,
134 keystone_tenant { $admin_tenant:
137 description => $admin_tenant_desc,
138 domain => $admin_project_domain,
140 keystone_role { 'admin':
145 keystone_user { $admin:
148 tenant => $admin_tenant,
150 password => $password,
151 domain => $admin_user_domain,
152 ignore_default_tenant => $ignore_default_tenant,
156 if $configure_user_role {
157 keystone_user_role { "${admin}@${admin_tenant}":
159 roles => $admin_roles,