Add Keystone

Author: fghaas

manifests/api/keystone.pp

@@ -0,0 +1,43 @@
+class kickstack::api::keystone inherits kickstack {
+  # Grab the Keystone admin token from a kickstack fact and configure
+  # Keystone accordingly. If no fact has been set, generate a password.
+  $admin_token = pick(getvar("${fact_prefix}keystone_admin_token"),pwgen())
+
+  class { '::keystone':
+    package_ensure => 'latest',
+    verbose        => 'True',
+    catalog_type   => 'sql',
+    admin_token    => $admin_token,
+    sql_connection => getvar("${fact_prefix}keystone_sql_connection"),
+  }
+
+  kickstack::exportfact::export { "keystone_admin_token":
+    value => "${admin_token}",
+    tag => "keystone",
+    require => Class['::keystone']
+  }
+
+  # Installs the service user endpoint.
+  class { '::keystone::endpoint':
+    public_address   => "${hostname}${keystone_public_suffix}",
+    admin_address    => "${hostname}${keystone_admin_suffix}",
+    internal_address => $hostname,
+    region           => $keystone_region,
+    require      => Class['::keystone']
+  }
+
+  kickstack::exportfact::export { "keystone_internal_address":
+    value => "${hostname}",
+    tag => "keystone",
+    require => Class['::keystone::endpoint']
+  }
+
+  # Adds the admin credential to keystone.
+  class { '::keystone::roles::admin':
+    email        => $keystone_admin_email,
+    password     => $keystone_admin_password,
+    admin_tenant => $keystone_admin_tenant,
+    service_tenant => $keystone_service_tenant,
+    require      => Class['::keystone::endpoint']
+  }
+}

manifests/apinode.pp

@@ -0,0 +1,3 @@
+class kickstack::apinode inherits kickstack {
+  include kickstack::api::keystone
+}

manifests/cloudcontroller.pp

@@ -0,0 +1,8 @@
+class kickstack::cloudcontroller inherits kickstack {
+
+  include kickstack::rpc
+  include kickstack::db
+
+  kickstack::db::service { ['keystone','glance','cinder','nova']: }
+
+}

manifests/db.pp

@@ -0,0 +1,29 @@
+class kickstack::db inherits kickstack {
+
+  case $database {
+    'mysql': {
+      $mysql_service = 'mysql'
+      ensure_resource('class',
+                      'mysql::server',
+                      { config_hash => {
+                        'root_password' => "$mysql_root_password",
+                        'bind_address'  => "0.0.0.0"
+                      }})
+      ensure_resource('file',
+                      '/etc/mysql/conf.d/skip-name-resolve.cnf',
+                      { source => "puppet:///modules/kickstack/mysql/skip-name-resolve.cnf",
+                      })
+    }
+    'postgresql': {
+      ensure_resource('class',
+                      'postgresql::server',
+                      { config_hash => {
+                        'ip_mask_deny_postgres_user' => '0.0.0.0/32',
+                        'ip_mask_allow_all_users'    => '0.0.0.0/0',
+                        'listen_addresses'           => '*',
+                        'postgres_password'          => "$postgres_password"}})
+    }
+  }
+
+}
+

manifests/db/service.pp

@@ -0,0 +1,52 @@
+define kickstack::db::service {
+
+  include pwgen
+
+  $fact_prefix = $::kickstack::fact_prefix
+  $database = $::kickstack::database
+
+  $servicename = $name
+  $username = $name
+
+  # Retrieve the currently set password for the service from its
+  # kickstack_*_sql_connection fact.
+  # If it's unset, generate one and subsequently export it.
+  $sql_connection = getvar("${fact_prefix}${servicename}_sql_connection")
+  $sql_password = $sql_connection ? {
+                  undef => pwgen(),
+                  default => pick(regsubst(getvar("${fact_prefix}${servicename}_sql_connection"),
+                                           ".*://${username}:(.*)@.*/${servicename}",
+                                           '\1'),
+                                  pwgen())
+                  }
+
+  # Export facts about the database only after configuring the database
+  Class["${servicename}::db::${database}"] -> Exportfact::Export<| tag == "$database" |>
+
+  # Configure the service database (classes look like nova::db::mysql or
+  # glance::db:postgresql, for example).
+  # If running on mysql, set the "allowed_hosts" parameter to % so we
+  # can connect to the database from anywhere.
+  case "${database}" {
+    "mysql": {
+      class { "${servicename}::db::mysql":
+            user => "$username",
+            password => "$sql_password",
+            charset => "utf8",
+            allowed_hosts => '%'
+      }
+    }
+    default: {
+      class { "${name}::db::${database}":
+            password => "$sql_password"
+      }
+    }
+  }
+
+  # Export the MySQL connection string for the service
+  kickstack::exportfact::export { "${name}_sql_connection":
+    value => "${database}://${name}:${sql_password}@${hostname}/${name}",
+    tag => "$database"
+  }
+
+}

manifests/exportfact/export.pp

@@ -0,0 +1,10 @@
+define kickstack::exportfact::export (
+  $value
+) {
+
+  ::exportfact::export { "${kickstack::fact_prefix}${name}":
+    value => $value,
+    category => "$kickstack::fact_category"
+  }
+
+}

manifests/init.pp

@@ -23,7 +23,15 @@
   $rabbit_user   = $kickstack::params::rabbit_user,
   $rabbit_virtual_host = $kickstack::params::rabbit_virtual_host,
   $qpid_username   = $kickstack::params::qpid_username,
+  $keystone_region = $kickstack::params::keystone_region,
+  $keystone_public_suffix = $kickstack::params::keystone_public_suffix,
+  $keystone_admin_suffix = $kickstack::params::keystone_admin_suffix,
+  $keystone_admin_tenant = $kickstack::params::keystone_admin_tenant,
+  $keystone_service_tenant = $kickstack::params::keystone_service_tenant,
+  $keystone_admin_email = $kickstack::params::keystone_admin_email,
+  $keystone_admin_password = $kickstack::params::keystone_admin_password,
 ) inherits kickstack::params {
 
   include exportfact
+  include openstack::repo
 } 

manifests/params.pp

@@ -49,4 +49,28 @@
   # Qpid password:
   $qpid_password = getvar("::${variable_prefix}qpid_password")
 
+  # The Keystone region to manage
+  $keystone_region = pick(getvar("::${variable_prefix}keystone_region"), 'kickstack')
+
+  # The suffix to append to the keystone hostname for publishing
+  # the public service endpoint
+  $keystone_public_suffix = getvar("::${variable_prefix}keystone_public_suffix")
+
+  # The suffix to append to the keystone hostname for publishing
+  # the admin service endpoint
+  $keystone_admin_suffix = getvar("::${variable_prefix}keystone_admin_suffix")
+
+  # The tenant set up so that individual OpenStack services can
+  # authenticate with Keystone
+  $keystone_service_tenant = getvar("::${variable_prefix}keystone_service_tenant")
+
+  # The special tenant set up for administrative purposes
+  $keystone_admin_tenant = getvar("::${variable_prefix}keystone_admin_tenant")
+
+  # The email address set for the admin user
+  $keystone_admin_email = pick(getvar("::${variable_prefix}keystone_admin_email"),"admin@${hostname}")
+
+  # The initial password to set for the admin user
+  $keystone_admin_password = pick(getvar("::${variable_prefix}keystone_admin_password"),"kickstack")
+
 }

manifests/rpc.pp

@@ -0,0 +1,28 @@
+class kickstack::rpc inherits kickstack {
+  case "$rpc" {
+    'rabbitmq': {
+      Class['nova::rabbitmq'] -> Exportfact::Export<| tag == 'rabbit' |>
+
+      class { 'nova::rabbitmq': }
+
+      kickstack::exportfact::export { "rabbit_host":
+        value => "$hostname",
+        tag => "rabbit"
+      }
+
+    }
+    'qpid': {
+      Class['nova::qpid'] -> Exportfact::Export<| tag == 'qpid' |>
+
+      class { 'nova::qpid': }
+
+      kickstack::exportfact::export { "qpid_hostname":
+        value => "$hostname",
+        tag => "qpid"
+      }
+    }
+    default: {
+      warn("Unsupported RPC server type: ${rpc_server}")
+    }
+  }
+}