Module for handling openstack keystone calls.
optdepends: |
|
---|---|
configuration: | This module is not usable until the following are specified either in a pillar or in the minion's config file: keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
OR (for token based authentication)
keystone.token: 'ADMIN'
keystone.endpoint: 'http://127.0.0.1:35357/v2.0'
If configuration for multiple openstack accounts is required, they can be set up as different configuration profiles: For example: openstack1:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
openstack2:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. For example: salt '*' keystone.tenant_list profile=openstack1
|
Set up keystone credentials
Only intended to be used within Keystone-enabled modules
Create EC2-compatibile credentials for user per tenant
CLI Examples:
salt '*' keystone.ec2_credentials_create name=admin tenant=admin
salt '*' keystone.ec2_credentials_create user_id=c965f79c4f864eaaa9c3b41904e67082 tenant_id=722787eb540849158668370dc627ec5f
Delete EC2-compatibile credentials
CLI Examples:
salt '*' keystone.ec2_credentials_delete 860f8c2c38ca4fab989f9bc56a061a64
access_key=5f66d2f24f604b8bb9cd28886106f442
salt '*' keystone.ec2_credentials_delete name=admin access_key=5f66d2f24f604b8bb9cd28886106f442
Return ec2_credentials for a user (keystone ec2-credentials-get)
CLI Examples:
salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f
salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f
salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f
Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)
CLI Examples:
salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list name=jack
Return a specific endpoint (keystone endpoint-get)
CLI Example:
salt '*' keystone.endpoint_get ec2
Return a list of available endpoints (keystone endpoints-list)
CLI Example:
salt '*' keystone.endpoint_list
Create named role
salt '*' keystone.role_create admin
Delete a role (keystone role-delete)
CLI Examples:
salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete name=admin
Return a specific roles (keystone role-get)
CLI Examples:
salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get name=nova
Return a list of available roles (keystone role-list)
CLI Example:
salt '*' keystone.role_list
Add service to Keystone service catalog
CLI Examples:
salt '*' keystone.service_create nova compute 'OpenStack Compute Service'
Delete a service from Keystone service catalog
CLI Examples:
salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_delete name=nova
Return a specific services (keystone service-get)
CLI Examples:
salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get name=nova
Return a list of available services (keystone services-list)
CLI Example:
salt '*' keystone.service_list
Create a keystone tenant
CLI Examples:
salt '*' keystone.tenant_create nova description='nova tenant'
salt '*' keystone.tenant_create test enabled=False
Delete a tenant (keystone tenant-delete)
CLI Examples:
salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete name=demo
Return a specific tenants (keystone tenant-get)
CLI Examples:
salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get name=nova
Return a list of available tenants (keystone tenants-list)
CLI Example:
salt '*' keystone.tenant_list
Update a tenant's information (keystone tenant-update) The following fields may be updated: name, email, enabled. Can only update name if targeting by ID
CLI Examples:
salt '*' keystone.tenant_update name=admin enabled=True
salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin email=admin@domain.com
Return the configured tokens (keystone token-get)
CLI Example:
salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082
Create a user (keystone user-create)
CLI Examples:
salt '*' keystone.user_create name=jack password=zero email=jack@halloweentown.org tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True
Delete a user (keystone user-delete)
CLI Examples:
salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete name=nova
Return a specific users (keystone user-get)
CLI Examples:
salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get name=nova
Return a list of available users (keystone user-list)
CLI Example:
salt '*' keystone.user_list
Update a user's password (keystone user-password-update)
CLI Examples:
salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_delete name=nova password=12345
Add role for user in tenant (keystone user-role-add)
CLI Examples:
salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin
Return a list of available user_roles (keystone user-roles-list)
CLI Examples:
salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b
salt '*' keystone.user_role_list user_name=admin tenant_name=admin
Remove role for user in tenant (keystone user-role-remove)
CLI Examples:
salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
Update a user's information (keystone user-update) The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required.
CLI Examples:
salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname
salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname email=newemail@domain.com
Verify a user's password
CLI Examples:
salt '*' keystone.user_verify_password name=test password=foobar
salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar
Current Salt release: 2014.1.6
Docs for previous releases on salt.rtfd.org.