salt.states.keystone¶
Management of Keystone users¶
| depends: |
|
|---|---|
| configuration: | See |
Keystone tenants:
keystone.tenant_present:
- names:
- admin
- demo
- service
Keystone roles:
keystone.role_present:
- names:
- admin
- Member
admin:
keystone.user_present:
- password: R00T_4CC3SS
- email: admin@domain.com
- roles:
admin: # tenants
- admin # roles
service:
- admin
- Member
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
nova:
keystone.user_present:
- password: '$up3rn0v4'
- email: nova@domain.com
- tenant: service
- roles:
service:
- admin
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
demo:
keystone.user_present:
- password: 'd3m0n$trati0n'
- email: demo@domain.com
- tenant: demo
- roles:
demo:
- Member
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
nova service:
keystone.service_present:
- name: nova
- service_type: compute
- description: OpenStack Compute Service
-
salt.states.keystone.endpoint_absent(name, profile=None, **connection_args)¶ Ensure that the endpoint for a service doesn't exist in Keystone catalog
- name
- The name of the service whose endpoints should not exist
-
salt.states.keystone.endpoint_present(name, publicurl=None, internalurl=None, adminurl=None, region='RegionOne', profile=None, **connection_args)¶ Ensure the specified endpoints exists for service
- name
- The Service name
- public url
- The public url of service endpoint
- internal url
- The internal url of service endpoint
- admin url
- The admin url of the service endpoint
- region
- The region of the endpoint
-
salt.states.keystone.role_absent(name, profile=None, **connection_args)¶ Ensure that the keystone role is absent.
- name
- The name of the role that should not exist
-
salt.states.keystone.role_present(name, profile=None, **connection_args)¶ ' Ensures that the keystone role exists
- name
- The name of the role that should be present
-
salt.states.keystone.service_absent(name, profile=None, **connection_args)¶ Ensure that the service doesn't exist in Keystone catalog
- name
- The name of the service that should not exist
-
salt.states.keystone.service_present(name, service_type, description=None, profile=None, **connection_args)¶ Ensure service present in Keystone catalog
- name
- The name of the service
- service_type
- The type of Openstack Service
- description (optional)
- Description of the service
-
salt.states.keystone.tenant_absent(name, profile=None, **connection_args)¶ Ensure that the keystone tenant is absent.
- name
- The name of the tenant that should not exist
-
salt.states.keystone.tenant_present(name, description=None, enabled=True, profile=None, **connection_args)¶ Ensures that the keystone tenant exists
- name
- The name of the tenant to manage
- description
- The description to use for this tenant
- enabled
- Availability state for this tenant
-
salt.states.keystone.user_absent(name, profile=None, **connection_args)¶ Ensure that the keystone user is absent.
- name
- The name of the user that should not exist
-
salt.states.keystone.user_present(name, password, email, tenant=None, enabled=True, roles=None, profile=None, password_reset=True, **connection_args)¶ Ensure that the keystone user is present with the specified properties.
- name
- The name of the user to manage
- password
- The password to use for this user
- password_reset
- Whether or not to reset password after initial set
- The email address for this user
- tenant
- The tenant for this user
- enabled
- Availability state for this user
- roles
The roles the user should have under given tenants. Passed as a dictionary mapping tenant names to a list of roles in this tenant, i.e.:
roles: admin: # tenant - admin # role service: - admin - Member
Version 2016.3.0-182-gbed98d8
