Diffstat (limited to 'manifests/profile/base/keystone.pp')
-rw-r--r--manifests/profile/base/keystone.pp30
1 files changed, 29 insertions, 1 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index d515f8f..fbccdda 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -34,28 +34,35 @@
# [*rabbit_hosts*]
# list of the rabbbit host IPs
# Defaults to hiera('rabbitmq_node_ips')
+#
+# [*rabbit_port*]
+# IP port for rabbitmq service
+# Defaults to hiera('keystone::rabbit_port', 5672)
class tripleo::profile::base::keystone (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$manage_db_purge = hiera('keystone_enable_db_purge', true),
$step = hiera('step'),
$rabbit_hosts = hiera('rabbitmq_node_ips', undef),
+ $rabbit_port = hiera('keystone::rabbit_port', 5672),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
$manage_roles = true
$manage_endpoint = true
+ $manage_domain = true
} else {
$sync_db = false
$manage_roles = false
$manage_endpoint = false
+ $manage_domain = false
}
if $step >= 4 or ( $step >= 3 and $sync_db ) {
class { '::keystone':
sync_db => $sync_db,
enable_bootstrap => $sync_db,
- rabbit_hosts => $rabbit_hosts,
+ rabbit_hosts => suffix($rabbit_hosts, ":${rabbit_port}")
}
include ::keystone::config
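Review bot: `suffix($rabbit_hosts, ":${rabbit_port}")` in the `::keystone` declaration runs unconditionally, but `$rabbit_hosts` still defaults to `hiera('rabbitmq_node_ips', undef)`. stdlib's `suffix()` rejects a first argument that is not an array, so a node without that Hiera key would now fail catalog compilation, where the old code passed undef through to `::keystone`. Build the list only when `$rabbit_hosts` is set, or drop the `undef` default so the missing key is reported at lookup. If `rabbitmq_node_ips` can hold bare IPv6 literals, appending `:port` gives an ambiguous endpoint unless the address is bracketed first. The new parameter doc could also say `# 5672 is the plaintext AMQP port; override together with the TLS settings when the broker listens on a TLS port`. The class body continues outside this hunk.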
@@ -76,6 +83,27 @@ class tripleo::profile::base::keystone (
include ::keystone::cron::token_flush
}
+ if $step >= 5 and $manage_domain {
+ if hiera('heat_engine_enabled', false) {
+ # if Heat and Keystone are collocated, so we want to
+ # both configure heat.conf and create Keystone resources.
+ # note: domain_password is given via Hiera.
+ if defined(Class['::tripleo::profile::base::heat']) {
+ include ::heat::keystone::domain
+ } else {
+ # if Heat and Keystone are not collocated, we want Puppet
+ # to only create Keystone resources on the Keystone node
+ # but not try to configure Heat, to avoid leaking the password.
+ class { '::heat::keystone::domain':
+ domain_name => $::os_service_default,
+ domain_admin => $::os_service_default,
+ domain_password => $::os_service_default,
+ }
+ }
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ }
+ }
+
if $step >= 5 and $manage_endpoint{
if hiera('aodh_api_enabled', false) {
include ::aodh::keystone::auth
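Review bot: In the non-collocated branch, `domain_name`, `domain_admin` and `domain_password` are all set to `$::os_service_default`. If `::heat::keystone::domain` uses those same parameters to create the Keystone domain and user (not visible on this page), the heat domain admin would be created with the sentinel string as its name and password, a fixed and guessable credential. The Keystone-side resources should get the real values from Hiera, and only the writing of heat.conf should be suppressed, if the class offers a switch for that. Separately, `defined(Class['::tripleo::profile::base::heat'])` depends on evaluation order, so a collocated node whose heat profile is evaluated after this one would take the `else` branch; this is worth a comment or an explicit Hiera flag. The enclosing class starts and ends outside this hunk.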