--- /dev/null
+# == Class keystone::service
+#
+# Encapsulates the keystone service to a class.
+# This allows resources that require keystone to
+# require this class, which can optionally
+# validate that the service can actually accept
+# connections.
+#
+# === Parameters
+#
+# [*ensure*]
+# (optional) The desired state of the keystone service
+# Defaults to 'running'
+#
+# [*service_name*]
+# (optional) The name of the keystone service
+# Defaults to $::keystone::params::service_name
+#
+# [*enable*]
+# (optional) Whether to enable the keystone service
+# Defaults to true
+#
+# [*hasstatus*]
+# (optional) Whether the keystone service has status
+# Defaults to true
+#
+# [*hasrestart*]
+# (optional) Whether the keystone service has restart
+# Defaults to true
+#
+# [*provider*]
+# (optional) Provider for keystone service
+# Defaults to $::keystone::params::service_provider
+#
+# [*validate*]
+# (optional) Whether to validate the service is working
+# after any service refreshes
+# Defaults to false
+#
+# [*admin_token*]
+# (optional) The admin token to use for validation
+# Defaults to undef
+#
+# [*admin_endpoint*]
+# (optional) The admin endpont to use for validation
+# Defaults to 'http://localhost:35357/v2.0'
+#
+# [*retries*]
+# (optional) Number of times to retry validation
+# Defaults to 10
+#
+# [*delay*]
+# (optional) Number of seconds between validation attempts
+# Defaults to 2
+#
+# [*insecure*]
+# (optional) Whether to validate keystone connections
+# using the --insecure option with keystone client.
+# Defaults to false
+#
+# [*cacert*]
+# (optional) Whether to validate keystone connections
+# using the specified argument with the --os-cacert option
+# with keystone client.
+# Defaults to undef
+#
+class keystone::service(
+ $ensure = 'running',
+ $service_name = $::keystone::params::service_name,
+ $enable = true,
+ $hasstatus = true,
+ $hasrestart = true,
+ $provider = $::keystone::params::service_provider,
+ $validate = false,
+ $admin_token = undef,
+ $admin_endpoint = 'http://localhost:35357/v2.0',
+ $retries = 10,
+ $delay = 2,
+ $insecure = false,
+ $cacert = undef,
+) {
+ include keystone::params
+
+ service { 'keystone':
+ ensure => $ensure,
+ name => $service_name,
+ enable => $enable,
+ hasstatus => $hasstatus,
+ hasrestart => $hasrestart,
+ provider => $provider
+ }
+
+ if $insecure {
+ $insecure_s = '--insecure'
+ } else {
+ $insecure_s = ''
+ }
+
+ if $cacert {
+ $cacert_s = "--os-cacert ${cacert}"
+ } else {
+ $cacert_s = ''
+ }
+
+ if $validate and $admin_token and $admin_endpoint {
+ $cmd = "keystone --os-endpoint ${admin_endpoint} --os-token ${admin_token} ${insecure_s} ${cacert_s} user-list"
+ $catch = 'name'
+ exec { 'validate_keystone_connection':
+ path => '/usr/bin:/bin:/usr/sbin:/sbin',
+ provider => shell,
+ command => $cmd,
+ subscribe => Service['keystone'],
+ refreshonly => true,
+ tries => $retries,
+ try_sleep => $delay
+ }
+
+ Exec['validate_keystone_connection'] -> Keystone_user<||>
+ Exec['validate_keystone_connection'] -> Keystone_role<||>
+ Exec['validate_keystone_connection'] -> Keystone_tenant<||>
+ Exec['validate_keystone_connection'] -> Keystone_service<||>
+ Exec['validate_keystone_connection'] -> Keystone_endpoint<||>
+ }
+}