+# == Class: keystone::roles::admin
#
# This class implements some reasonable admin defaults for keystone.
#
# * admin role
# * adds admin role to admin user on the "admin" tenant
#
-# [*Parameters*]
+# === Parameters:
#
-# [email] The email address for the admin. Required.
-# [password] The admin password. Required.
-# [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
-# [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
-# [admin] Admin user. Optional. Defaults to admin.
-# [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
-# [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
-# [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
-# [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
-# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
+# [*email*]
+# The email address for the admin. Required.
+#
+# [*password*]
+# The admin password. Required.
+#
+# [*admin_roles*]
+# The list of the roles with admin privileges. Optional.
+# Defaults to ['admin'].
+#
+# [*admin_tenant*]
+# The name of the tenant to be used for admin privileges. Optional.
+# Defaults to openstack.
+#
+# [*service_tenant*]
+# The name of service keystone tenant. Optional.
+# Defaults to 'services'.
+#
+# [*admin*]
+# Admin user. Optional.
+# Defaults to admin.
+#
+# [*ignore_default_tenant*]
+# Ignore setting the default tenant value when the user is created. Optional.
+# Defaults to false.
+#
+# [*admin_tenant_desc*]
+# Optional. Description for admin tenant,
+# Defaults to 'admin tenant'
+#
+# [*service_tenant_desc*]
+# Optional. Description for admin tenant,
+# Defaults to 'Tenant for the openstack services'
+#
+# [*configure_user*]
+# Optional. Should the admin user be created?
+# Defaults to 'true'.
+#
+# [*configure_user_role*]
+# Optional. Should the admin role be configured for the admin user?
+# Defaults to 'true'.
+#
+# [*admin_user_domain*]
+# Optional. Domain of the admin user
+# Defaults to undef (undef will resolve to class keystone $default_domain)
+#
+# [*admin_project_domain*]
+# Optional. Domain of the admin tenant
+# Defaults to undef (undef will resolve to class keystone $default_domain)
+#
+# [*service_project_domain*]
+# Optional. Domain for $service_tenant
+# Defaults to undef (undef will resolve to class keystone $default_domain)
#
# == Dependencies
# == Examples
$service_tenant_desc = 'Tenant for the openstack services',
$configure_user = true,
$configure_user_role = true,
- $validate_cacert = undef,
+ $admin_user_domain = undef,
+ $admin_project_domain = undef,
+ $service_project_domain = undef,
) {
+ if $service_project_domain {
+ if $service_project_domain != $admin_user_domain {
+ if $service_project_domain != $admin_project_domain {
+ keystone_domain { $service_project_domain:
+ ensure => present,
+ enabled => true,
+ }
+ }
+ }
+ }
+
+ if $admin_project_domain {
+ if $admin_project_domain != $admin_user_domain {
+ if $service_project_domain != $admin_project_domain {
+ keystone_domain { $admin_project_domain:
+ ensure => present,
+ enabled => true,
+ }
+ }
+ }
+ }
+
+ if $admin_user_domain {
+ if $admin_project_domain != $admin_user_domain {
+ if $service_project_domain != $admin_user_domain {
+ keystone_domain { $admin_user_domain:
+ ensure => present,
+ enabled => true,
+ }
+ }
+ }
+ }
+
keystone_tenant { $service_tenant:
ensure => present,
enabled => true,
description => $service_tenant_desc,
- os_cacert => $validate_cacert,
+ domain => $service_project_domain,
}
keystone_tenant { $admin_tenant:
ensure => present,
enabled => true,
description => $admin_tenant_desc,
- os_cacert => $validate_cacert,
+ domain => $admin_project_domain,
}
keystone_role { 'admin':
ensure => present,
tenant => $admin_tenant,
email => $email,
password => $password,
+ domain => $admin_user_domain,
ignore_default_tenant => $ignore_default_tenant,
}
}