salt.states.keystone

Management of Keystone users

depends:
  • keystoneclient Python module
configuration:

See salt.modules.keystone for setup instructions.

Keystone tenants:
  keystone.tenant_present:
    - names:
      - admin
      - demo
      - service

Keystone roles:
  keystone.role_present:
    - names:
      - admin
      - Member

admin:
  keystone.user_present:
    - password: R00T_4CC3SS
    - email: admin@domain.com
    - roles:
      - admin:   # tenants
        - admin  # roles
      - service:
        - admin
        - Member
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

nova:
  keystone.user_present:
    - password: '$up3rn0v4'
    - email: nova@domain.com
    - tenant: service
    - roles:
      - service:
        - admin
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

demo:
  keystone.user_present:
    - password: 'd3m0n$trati0n'
    - email: demo@domain.com
    - tenant: demo
    - roles:
      - demo:
        - Member
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

nova service:
  keystone.service_present:
    - name: nova
    - service_type: compute
    - description: OpenStack Compute Service
salt.states.keystone.role_absent(name, profile=None, **connection_args)

Ensure that the keystone role is absent.

name
The name of the role that should not exist
salt.states.keystone.role_present(name, profile=None, **connection_args)

' Ensures that the keystone role exists

name
The name of the role that should be present
salt.states.keystone.service_absent(name, profile=None, **connection_args)

Ensure that the service doesn't exist in Keystone catalog

name
The name of the service that should not exist
salt.states.keystone.service_present(name, service_type, description=None, profile=None, **connection_args)

Ensure service present in Keystone catalog

name
The name of the service
service_type
The type of Openstack Service
description (optional)
Description of the service
salt.states.keystone.tenant_absent(name, profile=None, **connection_args)

Ensure that the keystone tenant is absent.

name
The name of the tenant that should not exist
salt.states.keystone.tenant_present(name, description=None, enabled=True, profile=None, **connection_args)

' Ensures that the keystone tenant exists

name
The name of the tenant to manage
description
The description to use for this tenant
enabled
Availability state for this tenant
salt.states.keystone.user_absent(name, profile=None, **connection_args)

Ensure that the keystone user is absent.

name
The name of the user that should not exist
salt.states.keystone.user_present(name, password, email, tenant=None, enabled=True, roles=None, profile=None, **connection_args)

Ensure that the keystone user is present with the specified properties.

name
The name of the user to manage
password
The password to use for this user
email
The email address for this user
tenant
The tenant for this user
enabled
Availability state for this user
roles
The roles the user should have under tenants

Current Salt release: 2014.1.6

Docs for previous releases on salt.rtfd.org.

Table Of Contents

Previous topic

salt.states.keyboard

Next topic

salt.states.kmod

Upcoming SaltStack Events