diff options
Diffstat (limited to 'manifests/profile/base/keystone.pp')
| -rw-r--r-- | manifests/profile/base/keystone.pp | 55 |
1 files changed, 13 insertions, 42 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 706b78f..d8c8e24 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -18,17 +18,9 @@ # # === Parameters # -# [*sync_db*] -# (Optional) Whether to run db sync -# Defaults to true -# -# [*manage_roles*] -# (Optional) whether to create keystone admin role -# Defaults to true -# -# [*manage_endpoint*] -# (Optional) Whether to create keystone endpoints -# Defaults to true +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') # # [*manage_db_purge*] # (Optional) Whether keystone token flushing should be enabled @@ -40,12 +32,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::keystone ( - $sync_db = true, - $manage_roles = true, - $manage_endpoint = true, + $bootstrap_node = hiera('bootstrap_nodeid', undef), $manage_db_purge = hiera('keystone_enable_db_purge', true), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + $manage_roles = true + $manage_endpoint = true + } else { + $sync_db = false + $manage_roles = false + $manage_endpoint = false + } if $step >= 3 and $sync_db { include ::keystone::db::mysql @@ -68,34 +67,6 @@ class tripleo::profile::base::keystone ( include ::keystone::endpoint } - #TODO: need a cleanup-keystone-tokens.sh solution here - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } } if $step >= 5 and $manage_db_purge { |