0

I am using https://github.com/openstack/puppet-keystone to set up an OpenStack management/controller node. I need to add the 'glance' user to keystone. I want to try and do as much as I can in my hiera data so my manifest will be simple.

Here is my manifest:

class kilo2_keystone {
    include controller_ceph
    include keystone
    include keystone::config
    include keystone::user
#    keystone_user { 'glance':
#        ensure => present,
#    }

}

The commented out section works, but I want to be able to do include keystone::user and supply the parameters in my hiera data like so:

keystone::user: 
   "%{hiera('glance_admin_user')}":
      ensure: present

But when I run puppet agent -t on my node I get this error:

Could not find class ::keystone::user
Red Cricket
  • 9,762
  • 21
  • 81
  • 166
  • 1
    There does not appear to be a user class in that module, so what are you attempting to do with `include keystone::user`? Also, if you are defining a resource in hiera like that, then you want to use something like `create_resources` on the lookup. Are you using Hiera <= 3 or the Puppet Data Provider/Hiera4? – Matthew Schuchard Aug 08 '16 at 22:17

1 Answers1

1

The commented-out code declares a resource of type keystone_user, not a class. Presumably its type, keystone_user, is provided by the puppet-keystone module. The include() family of functions are for declaring classes, not resources, so they are inapplicable to keystone_user.

There is more than one way you could proceed. If you don't anticipate wanting to anything more complicated than declaring one or more keystone_users present, then I'd recommend giving your class a parameter for the user name(s), to which you can assign a value via Hiera:

class kilo2_keystone($usernames = []) {
  include controller_ceph
  include keystone
  include keystone::config

  keystone_user { $usernames:
    ensure => present,
  }
}

On the other hand, if you want to be able to declare multiple users, each with its own set of attributes, then the create_resources() function is probably the path of least resistance. You still want to parameterize your class so that it gets the data from Hiera via automated data binding, but now you want the data to be structured differently, as described in the create_resources() docs: as a hash mapping resource titles (usernames, in your case) to inner hashes of resource parameters to corresponding values.

For example, your class might look like this:

class kilo2_keystone($userdata = {}) {
  include controller_ceph
  include keystone
  include keystone::config

  create_resources('keystone_user', $userdata)
}

The corresponding data for this class might look like this:

kilo2_keystone::userdata:
  glance:
    ensure: present
    enabled: true
  another_user:
    ensure: absent

Note also that you are placing your kilo2_keystone class in the top scope. You really ought to put it in a module and assign it to that module's namespace. The latter would look like this:

class mymodule::kilo2_keystone($userdata = {}) {
  # ...
}
John Bollinger
  • 160,171
  • 8
  • 81
  • 157
  • Also you can't do a hiera lookup inside the hieradata, which is something else in the example in the question. – Matthew Schuchard Aug 10 '16 at 01:56
  • 1
    @MattSchuchard, you *can* do a hiera lookup inside hiera data; see https://docs.puppet.com/hiera/3.2/variables.html#using-lookup-functions. The link is for the Hiera 3.2 docs, but the feature is documented all the way back to Hiera 1. – John Bollinger Aug 10 '16 at 04:28
  • That really seems like something that shouldn't be possible, which must be why i haven't seen it in use until now. Interesting. – Matthew Schuchard Aug 10 '16 at 11:45