| Filip Pytloun | 943d688 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 1 | {%- from "keystone/map.jinja" import server with context %} |
| 2 | {%- if server.enabled %} |
| 3 | |
| 4 | keystone_packages: |
| 5 | pkg.installed: |
| 6 | - names: {{ server.pkgs }} |
| 7 | |
| 8 | {%- if not salt['user.info']('keystone') %} |
| 9 | |
| 10 | keystone_user: |
| 11 | user.present: |
| 12 | - name: keystone |
| 13 | - home: /var/lib/keystone |
| 14 | - uid: 301 |
| 15 | - gid: 301 |
| 16 | - shell: /bin/false |
| 17 | - system: True |
| 18 | - require_in: |
| 19 | - pkg: keystone_packages |
| 20 | |
| 21 | keystone_group: |
| 22 | group.present: |
| 23 | - name: keystone |
| 24 | - gid: 301 |
| 25 | - system: True |
| 26 | - require_in: |
| 27 | - pkg: keystone_packages |
| 28 | - user: keystone_user |
| 29 | |
| 30 | {%- endif %} |
| 31 | |
| 32 | /etc/keystone/keystone.conf: |
| 33 | file.managed: |
| 34 | - source: salt://keystone/files/{{ server.version }}/keystone.conf.{{ grains.os_family }} |
| 35 | - template: jinja |
| 36 | - require: |
| 37 | - pkg: keystone_packages |
| 38 | |
| 39 | |
| 40 | /etc/keystone/keystone-paste.ini: |
| 41 | file.managed: |
| 42 | - source: salt://keystone/files/{{ server.version }}/keystone-paste.ini.{{ grains.os_family }} |
| 43 | - template: jinja |
| 44 | - require: |
| 45 | - pkg: keystone_packages |
| 46 | - watch_in: |
| 47 | - service: keystone_service |
| 48 | |
| 49 | /etc/keystone/policy.json: |
| 50 | file.managed: |
| 51 | - source: salt://keystone/files/{{ server.version }}/policy-v{{ server.api_version }}.json |
| 52 | - require: |
| 53 | - pkg: keystone_packages |
| 54 | - watch_in: |
| 55 | - service: keystone_service |
| 56 | |
| Filip Pytloun | 6b9ec2b | 2016-01-12 13:52:01 +0100 | [diff] [blame] | 57 | {%- if server.get("domain", {}) %} |
| 58 | |
| 59 | /etc/keystone/domains: |
| 60 | file.directory: |
| 61 | - mode: 0755 |
| 62 | - require: |
| 63 | - pkg: keystone_packages |
| 64 | |
| 65 | {%- for domain_name, domain in server.domain.iteritems() %} |
| 66 | /etc/keystone/domains/keystone.{{ domain_name }}.conf: |
| 67 | file.managed: |
| 68 | - source: salt://keystone/files/keystone.domain.conf |
| 69 | - require: |
| 70 | - file: /etc/keystone/domains |
| 71 | - watch_in: |
| 72 | - service: keystone_service |
| Filip Pytloun | 5b50385 | 2016-01-12 14:02:07 +0100 | [diff] [blame^] | 73 | - defaults: |
| 74 | - domain_name: {{ domain_name }} |
| 75 | |
| 76 | keystone_domain_{{ domain_name }}: |
| 77 | cmd.run: |
| 78 | - name: source /root/keystonercv3 && openstack domain create --description "{{ domain.description }}" {{ domain_name }} |
| 79 | - unless: source /root/keystonercv3 && openstack domain list | grep " {{ domain_name }}" |
| 80 | - require: |
| 81 | - file: /root/keystonercv3 |
| 82 | - service: keystone_service |
| Filip Pytloun | 6b9ec2b | 2016-01-12 13:52:01 +0100 | [diff] [blame] | 83 | {%- endfor %} |
| 84 | |
| 85 | {%- endif %} |
| 86 | |
| Filip Pytloun | 943d688 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 87 | keystone_service: |
| 88 | service.running: |
| 89 | - name: {{ server.service_name }} |
| 90 | - enable: True |
| 91 | - watch: |
| 92 | - file: /etc/keystone/keystone.conf |
| 93 | |
| 94 | /root/keystonerc: |
| 95 | file.managed: |
| 96 | - source: salt://keystone/files/keystonerc |
| 97 | - template: jinja |
| 98 | - require: |
| 99 | - pkg: keystone_packages |
| 100 | |
| 101 | /root/keystonercv3: |
| 102 | file.managed: |
| 103 | - source: salt://keystone/files/keystonercv3 |
| 104 | - template: jinja |
| 105 | - require: |
| 106 | - pkg: keystone_packages |
| 107 | |
| 108 | keystone_syncdb: |
| 109 | cmd.run: |
| 110 | - name: keystone-manage db_sync |
| 111 | - require: |
| 112 | - service: keystone_service |
| 113 | |
| 114 | {% if server.tokens.engine == 'fernet' %} |
| 115 | |
| 116 | /etc/keystone/fernet-keys: |
| 117 | file.directory: |
| 118 | - mode: 755 |
| 119 | - user: keystone |
| 120 | - group: keystone |
| 121 | - require: |
| 122 | - pkg: keystone_packages |
| 123 | - require_in: |
| 124 | - service: keystone_fernet_setup |
| 125 | |
| 126 | keystone_fernet_setup: |
| 127 | cmd.run: |
| 128 | - name: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone |
| 129 | - require: |
| 130 | - service: keystone_service |
| 131 | |
| 132 | {% endif %} |
| 133 | |
| 134 | keystone_service_tenant: |
| 135 | keystone.tenant_present: |
| 136 | - name: {{ server.service_tenant }} |
| 137 | - require: |
| 138 | - cmd: keystone_syncdb |
| 139 | |
| 140 | keystone_admin_tenant: |
| 141 | keystone.tenant_present: |
| 142 | - name: {{ server.admin_tenant }} |
| 143 | - require: |
| 144 | - keystone: keystone_service_tenant |
| 145 | |
| 146 | keystone_roles: |
| 147 | keystone.role_present: |
| 148 | - names: {{ server.roles }} |
| 149 | - require: |
| 150 | - keystone: keystone_service_tenant |
| 151 | |
| 152 | keystone_admin_user: |
| 153 | keystone.user_present: |
| 154 | - name: {{ server.admin_name }} |
| 155 | - password: {{ server.admin_password }} |
| 156 | - email: {{ server.admin_email }} |
| 157 | - tenant: {{ server.admin_tenant }} |
| 158 | - roles: |
| 159 | {{ server.admin_tenant }}: |
| 160 | - admin |
| 161 | - require: |
| 162 | - keystone: keystone_admin_tenant |
| 163 | - keystone: keystone_roles |
| 164 | |
| 165 | {% for service_name, service in server.get('service', {}).iteritems() %} |
| 166 | |
| 167 | keystone_{{ service_name }}_service: |
| 168 | keystone.service_present: |
| 169 | - name: {{ service_name }} |
| 170 | - service_type: {{ service.type }} |
| 171 | - description: {{ service.description }} |
| 172 | - require: |
| 173 | - keystone: keystone_roles |
| 174 | |
| 175 | keystone_{{ service_name }}_endpoint: |
| 176 | keystone.endpoint_present: |
| 177 | - name: {{ service_name }} |
| 178 | - publicurl: '{{ service.bind.get('public_protocol', 'http') }}://{{ service.bind.public_address }}:{{ service.bind.public_port }}{{ service.bind.public_path }}' |
| 179 | - internalurl: '{{ service.bind.get('internal_protocol', 'http') }}://{{ service.bind.internal_address }}:{{ service.bind.internal_port }}{{ service.bind.internal_path }}' |
| 180 | - adminurl: '{{ service.bind.get('admin_protocol', 'http') }}://{{ service.bind.admin_address }}:{{ service.bind.admin_port }}{{ service.bind.admin_path }}' |
| 181 | - region: {{ service.get('region', 'RegionOne') }} |
| 182 | - require: |
| 183 | - keystone: keystone_{{ service_name }}_service |
| 184 | |
| 185 | {% if service.user is defined %} |
| 186 | |
| 187 | keystone_user_{{ service.user.name }}: |
| 188 | keystone.user_present: |
| 189 | - name: {{ service.user.name }} |
| 190 | - password: {{ service.user.password }} |
| 191 | - email: {{ server.admin_email }} |
| 192 | - tenant: {{ server.service_tenant }} |
| 193 | - roles: |
| 194 | {{ server.service_tenant }}: |
| 195 | - admin |
| 196 | - require: |
| 197 | - keystone: keystone_roles |
| 198 | |
| 199 | {% endif %} |
| 200 | |
| 201 | {% endfor %} |
| 202 | |
| 203 | {%- for tenant_name, tenant in server.get('tenant', {}).iteritems() %} |
| 204 | |
| 205 | keystone_tenant_{{ tenant_name }}: |
| 206 | keystone.tenant_present: |
| 207 | - name: {{ tenant_name }} |
| 208 | - require: |
| 209 | - keystone: keystone_roles |
| 210 | |
| 211 | {%- for user_name, user in tenant.get('user', {}).iteritems() %} |
| 212 | |
| 213 | keystone_user_{{ user_name }}: |
| 214 | keystone.user_present: |
| 215 | - name: {{ user_name }} |
| 216 | - password: {{ user.password }} |
| 217 | - email: {{ user.get('email', 'root@localhost') }} |
| 218 | - tenant: {{ tenant_name }} |
| 219 | - roles: |
| 220 | {{ tenant_name }}: |
| 221 | {%- if user.get('roles', False) %} |
| 222 | {{ user.roles }} |
| 223 | {%- else %} |
| 224 | - Member |
| 225 | {%- endif %} |
| 226 | - require: |
| 227 | - keystone: keystone_tenant_{{ tenant_name }} |
| 228 | |
| 229 | {%- endfor %} |
| 230 | |
| 231 | {%- endfor %} |
| 232 | |
| 233 | {%- endif %} |