Deploying Keystone via Puppet on F19

For Puppet on Fedora, we have Packstack and The Foreman. But if you are doing development, you need to know what is going on at the nuts and bolts level. I need to do some work on the Puppet modules for Keystone. This is a developers setup, running out of git repositories.

Started by installing a new virtual machine and running yum update. Then, make sure git, puppet and facter are installed:

1	sudo yum install git

2	sudo yum install puppet

3	sudo yum install facter

From https://github.com/stackforge/puppet-openstack#setup

1	cd /etc/puppet/modules

2	gem install librarian-puppet

3	librarian-puppet install --path ./

Add in the clones for keystone, mysql, and postgresql.

1	git clone https://github.com/stackforge/puppet-keystone.gitkeystone

2	git clone https://github.com/puppetlabs/puppetlabs-postgresql.gitpostgresql

3	git clone https://github.com/puppetlabs/puppetlabs-mysql.gitmysql

You can see the additional dependendcies for Keystone in the file keystone.Modulefile

1	dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0'

2	dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0'

3	dependency 'puppetlabs/stdlib', '>= 2.5.0'

Get those from Git as well.

1	git clone https://github.com/puppetlabs/puppetlabs-stdlib.gitstdlib

2	git clone https://github.com/puppetlabs/puppetlabs-concat.gitconcat

I’m going to make one .pp file per thing I need to configure. For mysql:

1	class { 'mysql::server': }

2

3	mysql::db{ 'keystone':

4	user          => 'keystone',

5	password      => 'keystone',

6	grant         => 'all',

7

}

For postgresql

01	class { 'postgresql::server':

02	config_hash => {

03	'listen_addresses'           => '*',

04

},

05

}

06

07	postgresql::db{ 'keystone':

08	user          => 'keystone',

09	password      => 'keystone',

10	grant         => 'all',

11

}

These can be applied to your system with:

1	sudo puppet apply ~/mysql.pp

or

1	sudo puppet apply ~/postgresql.pp

To test Mysql

1	mysql -h localhost -u keystone keystone --password=keystone

To test Postgresql

1	psql -h localhost -d keystone -U keystone

Now to set up Keystone. This is a modified version of keystone.pp from openstack-puppet
git://github.com/stackforge/puppet-openstack.git openstack

01	class { 'openstack::keystone':

02	db_host               => '127.0.0.1',

03	db_password           => 'keystone',

04	admin_token           => '12345',

05	admin_email           => 'keystone@localhost',

06	admin_password        => 'keystone',

07	glance_user_password  => 'glance',

08	nova_user_password    => 'nova',

09	cinder_user_password  => 'cinder',

10	neutron_user_password => 'neutron',

11	public_address        => '127.0.0.1',

12	internal_address        => '127.0.0.1',

13	admin_address        => '127.0.0.1',

14	glance                => 'false',

15	nova                  => 'false',

16	cinder                => 'false',

17	neutron               => 'false',

18	swift                 => 'false',

19

}

20

21	class openstack::keystone (

22	$db_password,

23	$admin_token,

24	$admin_email,

25	$admin_password,

26	$glance_user_password,

27	$nova_user_password,

28	$cinder_user_password,

29	$neutron_user_password,

30	$public_address,

31	$public_protocol          = 'http',

32	$db_host                  = '127.0.0.1',

33	$idle_timeout             = '200',

34	$db_type                  = 'mysql',

35	$db_user                  = 'keystone',

36	$db_name                  = 'keystone',

37	$admin_tenant             = 'admin',

38	$verbose                  = false,

39	$debug                    = false,

40	$bind_host                = '0.0.0.0',

41	$region                   = 'RegionOne',

42	$internal_address         = false,

43	$admin_address            = false,

44	$enabled                  = true

45

) {

46

47	# Install and configure Keystone

48	if $db_type == 'mysql' {

49	$sql_conn ="mysql://${db_user}:${db_password}@${db_host}/${db_name}"

50

} else {

51	fail("db_type ${db_type} is not supported")

52

}

53

54	# munging b/c parameters are not

55	# set procedurally in Puppet

56	if($internal_address) {

57	$internal_real = $internal_address

58

} else {

59	$internal_real = $public_address

60

}

61	if($admin_address) {

62	$admin_real = $admin_address

63

} else {

64	$admin_real = $internal_real

65

}

66

67	class { '::keystone':

68	verbose        => $verbose,

69	debug          => $debug,

70	bind_host      => $bind_host,

71	idle_timeout   => $idle_timeout,

72	catalog_type   => 'sql',

73	admin_token    => $admin_token,

74	enabled        => $enabled,

75	sql_connection => $sql_conn,

76

}

77

78	if ($enabled) {

79	# Setup the admin user

80	class { 'keystone::roles::admin':

81	email        => $admin_email,

82	password     => $admin_password,

83	admin_tenant => $admin_tenant,

84

}

85

86	# Setup the Keystone Identity Endpoint

87	class { 'keystone::endpoint':

88	public_address   => $public_address,

89	public_protocol  => $public_protocol,

90	admin_address    => $admin_real,

91	internal_address => $internal_real,

92	region           => $region,

93

}

94

95

}

96

97

}

run it with

1	sudo puppet apply ~/keystone.pp

Once it runs, test that Keystone is running with:

view source

print ?

1	keystone --os-token 12345 --os-endpoint=http://localhost:35357/v2.0/   user-list