For Puppet on Fedora, we have Packstack and The Foreman. But if you are doing development, you need to know what is going on at the nuts and bolts level. I need to do some work on the Puppet modules for Keystone. This is a developer's setup, running out of git repositories.
I started by installing a new virtual machine and running yum update. Then, make sure git, puppet and facter are installed:
sudo yum install git
sudo yum install puppet
sudo yum install facter
From https://github.com/stackforge/puppet-openstack#setup
cd /etc/puppet/modules
gem install librarian-puppet
librarian-puppet install --path ./
Add in the clones for keystone, mysql, and postgresql.
git clone https://github.com/stackforge/puppet-keystone.git keystone
git clone https://github.com/puppetlabs/puppetlabs-postgresql.git postgresql
git clone https://github.com/puppetlabs/puppetlabs-mysql.git mysql
You can see the additional dependencies for Keystone in the file keystone.Modulefile:
dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0'
dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0'
dependency 'puppetlabs/stdlib', '>= 2.5.0'
Get those from Git as well.
git clone https://github.com/puppetlabs/puppetlabs-stdlib.git stdlib
git clone https://github.com/puppetlabs/puppetlabs-concat.git concat
I’m going to make one .pp file per thing I need to configure. For mysql:
class { 'mysql::server': }
mysql::db { 'keystone':
  user     => 'keystone',
  password => 'keystone',
  grant    => 'all',
}
For PostgreSQL:
class { 'postgresql::server':
  config_hash => {
    'listen_addresses' => '*',
  },
}
postgresql::db { 'keystone':
  user     => 'keystone',
  password => 'keystone',
  grant    => 'all',
}
These can be applied to your system with:
sudo puppet apply ~/mysql.pp
or
sudo puppet apply ~/postgresql.pp
To test MySQL:
mysql -h localhost -u keystone keystone --password=keystone
To test PostgreSQL:
psql -h localhost -d keystone -U keystone
Now to set up Keystone. This is a modified version of keystone.pp from openstack-puppet
git://github.com/stackforge/puppet-openstack.git openstack
class { 'openstack::keystone':
  db_host               => '127.0.0.1',
  db_password           => 'keystone',
  admin_token           => '12345',
  admin_email           => 'keystone@localhost',
  admin_password        => 'keystone',
  glance_user_password  => 'glance',
  nova_user_password    => 'nova',
  cinder_user_password  => 'cinder',
  neutron_user_password => 'neutron',
  public_address        => '127.0.0.1',
  internal_address      => '127.0.0.1',
  admin_address         => '127.0.0.1',
  glance                => 'false',
  nova                  => 'false',
  cinder                => 'false',
  neutron               => 'false',
  swift                 => 'false',
}
class openstack::keystone (
  $db_password,
  $admin_token,
  $admin_email,
  $admin_password,
  $glance_user_password,
  $nova_user_password,
  $cinder_user_password,
  $neutron_user_password,
  $public_address,
  $public_protocol  = 'http',
  $db_host          = '127.0.0.1',
  $idle_timeout     = '200',
  $db_type          = 'mysql',
  $db_user          = 'keystone',
  $db_name          = 'keystone',
  $admin_tenant     = 'admin',
  $verbose          = false,
  $debug            = false,
  $bind_host        = '0.0.0.0',
  $region           = 'RegionOne',
  $internal_address = false,
  $admin_address    = false,
  $enabled          = true
) {
  # Install and configure Keystone
  if $db_type == 'mysql' {
    $sql_conn = "mysql://${db_user}:${db_password}@${db_host}/${db_name}"
  } else {
    fail("db_type ${db_type} is not supported")
  }
  # munging b/c parameters are not
  # set procedurally in Puppet
  if($internal_address) {
    $internal_real = $internal_address
  } else {
    $internal_real = $public_address
  }
  if($admin_address) {
    $admin_real = $admin_address
  } else {
    $admin_real = $internal_real
  }
  class { '::keystone':
    verbose        => $verbose,
    debug          => $debug,
    bind_host      => $bind_host,
    idle_timeout   => $idle_timeout,
    catalog_type   => 'sql',
    admin_token    => $admin_token,
    enabled        => $enabled,
    sql_connection => $sql_conn,
  }
  if ($enabled) {
    # Setup the admin user
    class { 'keystone::roles::admin':
      email        => $admin_email,
      password     => $admin_password,
      admin_tenant => $admin_tenant,
    }
    # Setup the Keystone Identity Endpoint
    class { 'keystone::endpoint':
      public_address   => $public_address,
      public_protocol  => $public_protocol,
      admin_address    => $admin_real,
      internal_address => $internal_real,
      region           => $region,
    }
  }
}
Run it with:
sudo puppet apply ~/keystone.pp
Once it runs, test that Keystone is running with:
keystone --os-token 12345 --os-endpoint=http://localhost:35357/v2.0/ user-list
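The manifests above use values that only make sense on a throwaway development VM (a five-character admin token, passwords equal to the user name, services listening on every interface). The script below is an added example, not part of the original post: it lists such values in a .pp file so they can be changed before the manifest is reused elsewhere. The rule names, the length thresholds and the sample manifest are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; thresholds are assumptions.

audit_manifest() {
    # $1 = path to a .pp file ("-" for stdin); prints LINE:RULE:KEY per finding.
    awk -v q="'" '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        # Match  key => value  (attributes) and  $key = value  (defaults).
        if (!match($0, /^[ \t]*[^ \t=]+[ \t]*=>?[ \t]*/)) next
        key = substr($0, 1, RLENGTH)
        val = substr($0, RLENGTH + 1)
        gsub("[ \t=>$" q "\"]", "", key)     # bare parameter name
        gsub("[" q "\",]", "", val)          # drop quotes and commas
        sub(/[ \t]+$/, "", val)
        if (substr(val, 1, 1) == "$") next   # variable reference, not a literal
        if (key == "user") user = val
        if (key ~ /password$/ && (length(val) < 12 || val == user))
            print NR ":weak-password:" key
        if (key == "admin_token" && length(val) < 32)
            print NR ":short-admin-token:" key
        if ((key == "listen_addresses" && val == "*") ||
            (key == "bind_host" && val == "0.0.0.0"))
            print NR ":all-interfaces:" key
    }' "$1"
}

sample_manifest() {    # constructed input mirroring the values in this post
    cat <<'EOF'
class { 'postgresql::server':
  config_hash => {
    'listen_addresses' => '*',
  },
}
postgresql::db { 'keystone':
  user     => 'keystone',
  password => 'keystone',
}
class { 'openstack::keystone':
  admin_token    => '12345',
  admin_password => $admin_password,
}
class openstack::keystone (
  $bind_host = '0.0.0.0',
) { }
EOF
}
if [ "$#" -gt 0 ]; then audit_manifest "$1"; else sample_manifest | audit_manifest -; fi
```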