File: k2k_sp_shib.pp

puppet-module-keystone 25.0.0-4
# Example to configure Keystone as Service Provider for
# K2K Federation.
#
# To be sure everything is working, run:
#   $ export OS_USERNAME=admin
#   $ export OS_PASSWORD=ChangeMe
#   $ export OS_TENANT_NAME=openstack
#   $ export OS_AUTH_URL=http://keystone.local/keystone/main/v3
#   $ keystone catalog
#   Service: identity
#   +-------------+----------------------------------------------+
#   |   Property  |                    Value                     |
#   +-------------+----------------------------------------------+
#   |   adminURL  | http://keystone.local:80/keystone/admin/v3   |
#   |      id     |       4f0f55f6789d4c73a53c51f991559b72       |
#   | internalURL | http://keystone.local:80/keystone/main/v3    |
#   |  publicURL  | http://keystone.local:80/keystone/main/v3    |
#   |    region   |                  RegionOne                   |
#   +-------------+----------------------------------------------+
#

# Resource default for Exec resources: command output is logged only when the
# command fails.
Exec { logoutput => 'on_failure' }

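# Note: The yumrepo part is only necessary if you are using RedHat.
# Yumrepo begin
#
# Third-party package repository for the Shibboleth packages.
# Both the repository metadata and the signing key are fetched over HTTPS.
# gpgcheck only protects package integrity if the key itself is authentic,
# so the key must not be retrieved over a channel that an on-path party can
# modify. For a real deployment, consider shipping a verified copy of the key
# with your configuration instead of downloading it at apply time.
#
# NOTE(review): Anchor['openstack_extras_redhat'] is not declared in this
# file; presumably another module provides it - confirm.
yumrepo { 'shibboleth':
  name     => 'Shibboleth',
  baseurl  => 'https://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/',
  descr    => 'Shibboleth repo for RedHat',
  gpgcheck => 1,
  gpgkey   => 'https://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key',
  enabled  => 1,
  require  => Anchor['openstack_extras_redhat']
}

# Ordering: the repository is applied before the Shibboleth federation class.
Yumrepo['shibboleth'] -> Class['keystone::federation::shibboleth']
# Yumrepo end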

# Declares a local MySQL server and the Keystone database classes.
#
# The database password ('keystone') is an example value. It appears twice:
# once as the keystone::db::mysql password and once inside the connection URL
# below, and the two have to agree. In a real deployment, supply a generated
# secret from outside the manifest (for example Hiera with encrypted values)
# rather than a literal that ends up in version control.
class { 'mysql::server': }
class { 'keystone::db::mysql':
  password => 'keystone',
}

# Connection URL in the form scheme://user:password@host/database.
# The host is 127.0.0.1, so the database connection stays on the loopback
# interface in this example.
class { 'keystone::db':
  database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
}

# Main keystone class, using the SQL catalog driver.
#
# debug => true is useful while trying out the example, but debug-level logs
# of an identity service can contain sensitive request details; turn it off
# outside a test environment.
#
# NOTE(review): enabled => false presumably keeps the standalone keystone
# service from running because keystone::wsgi::apache (declared further down
# in this file) serves Keystone instead - confirm against the module docs.
class { 'keystone':
  debug          => true,
  catalog_driver => 'sql',
  enabled        => false,
}

# Bootstrap settings: the bootstrap password and the public and admin
# endpoint URLs, both built from the node's FQDN fact on port 5000 over https.
#
# 'ChangeMe' is a placeholder password and must be replaced before this
# manifest is applied anywhere reachable; prefer passing it in from an
# encrypted data source rather than editing the literal here.
#
# NOTE(review): the verification example in this file's header comment uses an
# http:// auth URL without port 5000, which does not match the https endpoints
# set here - confirm which URL clients are expected to use.
class { 'keystone::bootstrap':
  password   => 'ChangeMe',
  public_url => "https://${facts['networking']['fqdn']}:5000",
  admin_url  => "https://${facts['networking']['fqdn']}:5000",
}

# Sets the keystone_config entry 'ssl/enable' to true.
# NOTE(review): TLS is also requested on the Apache side (ssl => true on
# keystone::wsgi::apache in this file); whether Keystone itself still reads
# this option depends on the Keystone version - confirm it is needed.
keystone_config { 'ssl/enable': value => true }

# Serve Keystone through Apache with SSL turned on.
# No certificate, key or CA paths are passed here, so the class defaults
# apply. NOTE(review): check that those defaults point at a certificate your
# clients actually trust before relying on the https endpoints - confirm.
include apache
class { 'keystone::wsgi::apache':
  ssl => true
}

# Shibboleth federation for Keystone acting as Service Provider.
# 'methods' is passed as a single comma-separated string naming four
# authentication methods: password, token, oauth1 and saml2.
# NOTE(review): every method listed is another way to authenticate; trim the
# list to the methods the deployment actually uses (oauth1 in particular looks
# optional for a SAML2 federation example) - confirm.
class { 'keystone::federation::shibboleth':
  methods => 'password, token, oauth1, saml2',
}