950dbd08d3
Depends-on: https://review.opendev.org/960389 Change-Id: I13f86c0210ed5af39804bb5a4016f27c396ac53d Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
102 lines
3.6 KiB
Puppet
102 lines
3.6 KiB
Puppet
# == Class: nova::key_manager::barbican
|
|
#
|
|
# Setup and configure Barbican Key Manager options
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*barbican_endpoint*]
|
|
# (Optional) Use this endpoint to connect to Barbican.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*barbican_api_version*]
|
|
# (Optional) Version of the Barbican API.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*auth_endpoint*]
|
|
# (Optional) Use this endpoint to connect to Keystone.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*retry_delay*]
|
|
# (Optional) Number of seconds to wait before retrying poll for key creation
|
|
# completion.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*number_of_retries*]
|
|
# (Optional) Number of times to retry poll fo key creation completion.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*barbican_endpoint_type*]
|
|
# (Optional) Specifies the type of endpoint.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*barbican_region_name*]
|
|
# (Optional) Specifies the region of the chosen endpoint.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*send_service_user_token*]
|
|
# (Optional) The service uses service token feature when this is set as true.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*insecure*]
|
|
# (Optional) If true, explicitly allow TLS without checking server cert
|
|
# against any certificate authorities. WARNING: not recommended. Use with
|
|
# caution.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*cafile*]
|
|
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
|
|
# connections.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*certfile*]
|
|
# (Optional) Required if identity server requires client certificate
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*keyfile*]
|
|
# (Optional) Required if identity server requires client certificate
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*timeout*]
|
|
# (Optional) Timeout value for connecting to barbican in seconds.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
class nova::key_manager::barbican (
|
|
$barbican_endpoint = $facts['os_service_default'],
|
|
$barbican_api_version = $facts['os_service_default'],
|
|
$auth_endpoint = $facts['os_service_default'],
|
|
$retry_delay = $facts['os_service_default'],
|
|
$number_of_retries = $facts['os_service_default'],
|
|
$barbican_endpoint_type = $facts['os_service_default'],
|
|
$barbican_region_name = $facts['os_service_default'],
|
|
$send_service_user_token = $facts['os_service_default'],
|
|
$insecure = $facts['os_service_default'],
|
|
$cafile = $facts['os_service_default'],
|
|
$certfile = $facts['os_service_default'],
|
|
$keyfile = $facts['os_service_default'],
|
|
$timeout = $facts['os_service_default'],
|
|
) {
|
|
include nova::deps
|
|
|
|
# cryptsetup is required when Barbican is encrypting volumes
|
|
stdlib::ensure_packages('cryptsetup', {
|
|
ensure => present,
|
|
tag => 'openstack',
|
|
})
|
|
|
|
oslo::key_manager::barbican { 'nova_config':
|
|
barbican_endpoint => $barbican_endpoint,
|
|
barbican_api_version => $barbican_api_version,
|
|
auth_endpoint => $auth_endpoint,
|
|
retry_delay => $retry_delay,
|
|
number_of_retries => $number_of_retries,
|
|
barbican_endpoint_type => $barbican_endpoint_type,
|
|
barbican_region_name => $barbican_region_name,
|
|
send_service_user_token => $send_service_user_token,
|
|
insecure => $insecure,
|
|
cafile => $cafile,
|
|
certfile => $certfile,
|
|
keyfile => $keyfile,
|
|
timeout => $timeout,
|
|
}
|
|
}
|