Deploying Keystone via Puppet on F19-优快云博客

For Puppet on Fedora, we have Packstack and The Foreman. But if you are doing development, you need to know what is going on at the nuts and bolts level. I need to do some work on the Puppet modules for Keystone. This is a developers setup, running out of git repositories.

Started by installing a new virtual machine and running yum update. Then, make sure git, puppet and facter are installed:

 
sudo yum install git
 
sudo yum install puppet
 
sudo yum install facter

From https://github.com/stackforge/puppet-openstack#setup

 
cd /etc/puppet/modules
 
gem install librarian-puppet
 
librarian-puppet install --path ./

Add in the clones for keystone, mysql, and postgresql.

 
git clone https://github.com/stackforge/puppet-keystone.gitkeystone
 
git clone https://github.com/puppetlabs/puppetlabs-postgresql.gitpostgresql
 
git clone https://github.com/puppetlabs/puppetlabs-mysql.gitmysql

You can see the additional dependendcies for Keystone in the file keystone.Modulefile

 
dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0'
 
dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0'
 
dependency 'puppetlabs/stdlib', '>= 2.5.0'

Get those from Git as well.

`1`	`git clone https://github.com/puppetlabs/puppetlabs-stdlib.gitstdlib`

`2`	`git clone https://github.com/puppetlabs/puppetlabs-concat.gitconcat`

I’m going to make one .pp file per thing I need to configure. For mysql:

 
class { 'mysql::server': }
 
 
 
mysql::db{ 'keystone':
 
  user          => 'keystone',
 
  password      => 'keystone',
 
  grant         => 'all',
 
}

For postgresql

 
class { 'postgresql::server':
 
    config_hash => {
 
    'listen_addresses'           => '*',
 
  },
 
 }
 
 
 
postgresql::db{ 'keystone':
 
  user          => 'keystone',
 
  password      => 'keystone',
 
  grant         => 'all',
 
}

These can be applied to your system with:

`1`	`sudo` `puppet apply ~/mysql.pp`

`1`	`sudo` `puppet apply ~/postgresql.pp`

To test Mysql

`1`	`mysql -h localhost -u keystone keystone --password=keystone`

To test Postgresql

`1`	`psql -h localhost -d keystone -U keystone`

Now to set up Keystone. This is a modified version of keystone.pp from openstack-puppet
git://github.com/stackforge/puppet-openstack.git openstack

 
class { 'openstack::keystone':
 
   db_host               => '127.0.0.1',
 
   db_password           => 'keystone',
 
   admin_token           => '12345',
 
   admin_email           => 'keystone@localhost',
 
   admin_password        => 'keystone',
 
   glance_user_password  => 'glance',
 
   nova_user_password    => 'nova',
 
   cinder_user_password  => 'cinder',
 
   neutron_user_password => 'neutron',
 
   public_address        => '127.0.0.1',
 
   internal_address        => '127.0.0.1',
 
   admin_address        => '127.0.0.1',
 
   glance                => 'false',
 
   nova                  => 'false',
 
   cinder                => 'false',
 
   neutron               => 'false',
 
   swift                 => 'false',
 
  }
 
 
 
class openstack::keystone (
 
  $db_password,
 
  $admin_token,
 
  $admin_email,
 
  $admin_password,
 
  $glance_user_password,
 
  $nova_user_password,
 
  $cinder_user_password,
 
  $neutron_user_password,
 
  $public_address,
 
  $public_protocol          = 'http',
 
  $db_host                  = '127.0.0.1',
 
  $idle_timeout             = '200',
 
  $db_type                  = 'mysql',
 
  $db_user                  = 'keystone',
 
  $db_name                  = 'keystone',
 
  $admin_tenant             = 'admin',
 
  $verbose                  = false,
 
  $debug                    = false,
 
  $bind_host                = '0.0.0.0',
 
  $region                   = 'RegionOne',
 
  $internal_address         = false,
 
  $admin_address            = false,
 
  $enabled                  = true
 
) {
 
 
 
  # Install and configure Keystone
 
  if $db_type == 'mysql' {
 
    $sql_conn ="mysql://${db_user}:${db_password}@${db_host}/${db_name}"
 
  } else {
 
    fail("db_type ${db_type} is not supported")
 
  }
 
 
 
  # munging b/c parameters are not
 
  # set procedurally in Puppet
 
  if($internal_address) {
 
    $internal_real = $internal_address
 
  } else {
 
    $internal_real = $public_address
 
  }
 
  if($admin_address) {
 
    $admin_real = $admin_address
 
  } else {
 
    $admin_real = $internal_real
 
  }
 
 
 
  class { '::keystone':
 
    verbose        => $verbose,
 
    debug          => $debug,
 
    bind_host      => $bind_host,
 
    idle_timeout   => $idle_timeout,
 
    catalog_type   => 'sql',
 
    admin_token    => $admin_token,
 
    enabled        => $enabled,
 
    sql_connection => $sql_conn,
 
  }
 
 
 
  if ($enabled) {
 
    # Setup the admin user
 
    class { 'keystone::roles::admin':
 
      email        => $admin_email,
 
      password     => $admin_password,
 
      admin_tenant => $admin_tenant,
 
    }
 
 
 
    # Setup the Keystone Identity Endpoint
 
    class { 'keystone::endpoint':
 
      public_address   => $public_address,
 
      public_protocol  => $public_protocol,
 
      admin_address    => $admin_real,
 
      internal_address => $internal_real,
 
      region           => $region,
 
    }
 
 
 
  }
 
 
 
}