5 files changed, 145 insertions, 20 deletions

diff --git a/manifests/profile/base/barbican.pp b/manifests/profile/base/barbican.pp
new file mode 100644
index 0000000..f4d6230
--- /dev/null
+++ b/manifests/profile/base/barbican.pp
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::barbican
+#
+# Barbican profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+
+class tripleo::profile::base::barbican (
+  $step = hiera('step'),
+) {
+
+  if $step >= 3 {
+    include ::barbican
+    include ::barbican::config
+    include ::barbican::client
+  }
+}
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
new file mode 100644
index 0000000..470e649
--- /dev/null
+++ b/manifests/profile/base/barbican/api.pp
@@ -0,0 +1,56 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::barbican::api
+#
+# Barbican profile for tripleo api
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+#   (Optional) The hostname of the node responsible for bootstrapping tasks
+#   Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+class tripleo::profile::base::barbican::api (
+  $bootstrap_node = hiera('bootstrap_nodeid', undef),
+  $step           = hiera('step'),
+) {
+  if $::hostname == downcase($bootstrap_node) {
+    $sync_db = true
+  } else {
+    $sync_db = false
+  }
+
+  include ::tripleo::profile::base::barbican
+
+  if $step >= 3 and $sync_db {
+    include ::barbican::db::mysql
+  }
+
+  if $step >= 4 or ( $step >= 3 and $sync_db ) {
+    class { '::barbican::api':
+      sync_db => $sync_db
+    }
+    include ::barbican::keystone::authtoken
+    include ::barbican::api::logging
+    include ::barbican::keystone::notification
+    include ::barbican::quota
+    include ::barbican::wsgi::apache
+  }
+}
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index f3db396..a7d4487 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -22,6 +22,10 @@
 #   (Optional) Glance backend(s) to use.
 #   Defaults to downcase(hiera('glance_backend', 'swift'))
 #
+# [*glance_nfs_enabled*]
+#   (Optional) Whether to use NFS mount as 'file' backend storage location.
+#   Defaults to false
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
@@ -36,12 +40,17 @@
 #   Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672)
 
 class tripleo::profile::base::glance::api (
-  $glance_backend = downcase(hiera('glance_backend', 'swift')),
-  $step           = hiera('step'),
-  $rabbit_hosts   = hiera('rabbitmq_node_ips', undef),
-  $rabbit_port    = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
+  $glance_backend     = downcase(hiera('glance_backend', 'swift')),
+  $glance_nfs_enabled = false,
+  $step               = hiera('step'),
+  $rabbit_hosts       = hiera('rabbitmq_node_ips', undef),
+  $rabbit_port        = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
 ) {
 
+  if $step >= 1 and $glance_nfs_enabled {
+    include ::tripleo::glance::nfs_mount
+  }
+
   if $step >= 4 {
     case $glance_backend {
         'swift': { $backend_store = 'glance.store.swift.Store' }
diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp
index abb9f76..2babf4c 100644
--- a/manifests/profile/base/heat.pp
+++ b/manifests/profile/base/heat.pp
@@ -53,7 +53,7 @@ class tripleo::profile::base::heat (
 ) {
   # Domain resources will be created at step5 on the node running keystone.pp
   # configure heat.conf at step3 and 4 but actually create the domain later.
-  if $step == 3 or $step == 4 {
+  if $step >= 3 {
     class { '::heat::keystone::domain':
       manage_domain => false,
       manage_user   => false,
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 8a70110..e30f712 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -74,6 +74,23 @@
 #   for more details.
 #   Defaults to hiera('step')
 #
+# [*heat_admin_domain*]
+#   domain name for heat admin
+#   Defaults to hiera('heat::keystone::domain::domain_name', 'heat')
+#
+# [*heat_admin_user*]
+#   heat admin user name
+#   Defaults to hiera('heat::keystone::domain::domain_admin', 'heat_admin')
+#
+# [*heat_admin_email*]
+#   heat admin email address
+#   Defaults to hiera('heat::keystone::domain::domain_admin_email',
+#     'heat_admin@localhost')
+#
+# [*heat_admin_password*]
+#   heat admin password
+#   Defaults to hiera('heat::keystone::domain::domain_password')
+#
 class tripleo::profile::base::keystone (
   $admin_endpoint_network        = hiera('keystone_admin_api_network', undef),
   $bootstrap_node                = hiera('bootstrap_nodeid', undef),
@@ -85,6 +102,10 @@ class tripleo::profile::base::keystone (
   $rabbit_hosts                  = hiera('rabbitmq_node_ips', undef),
   $rabbit_port                   = hiera('keystone::rabbit_port', 5672),
   $step                          = hiera('step'),
+  $heat_admin_domain             = hiera('heat::keystone::domain::domain_name', 'heat'),
+  $heat_admin_user               = hiera('heat::keystone::domain::domain_admin', 'heat_admin'),
+  $heat_admin_email              = hiera('heat::keystone::domain::domain_admin_email', 'heat_admin@localhost'),
+  $heat_admin_password           = hiera('heat::keystone::domain::domain_password'),
 ) {
   if $::hostname == downcase($bootstrap_node) {
     $sync_db = true
@@ -153,22 +174,22 @@ class tripleo::profile::base::keystone (
 
   if $step >= 5 and $manage_domain {
     if hiera('heat_engine_enabled', false) {
-      # if Heat and Keystone are collocated, so we want to
-      # both configure heat.conf and create Keystone resources.
-      # note: domain_password is given via Hiera.
-      if defined(Class['::tripleo::profile::base::heat']) {
-        include ::heat::keystone::domain
-      } else {
-        # if Heat and Keystone are not collocated, we want Puppet
-        # to only create Keystone resources on the Keystone node
-        # but not try to configure Heat, to avoid leaking the password.
-        class { '::heat::keystone::domain':
-          domain_name     => $::os_service_default,
-          domain_admin    => $::os_service_default,
-          domain_password => $::os_service_default,
-        }
+      # create these seperate and don't use ::heat::keystone::domain since
+      # that class writes out the configs
+      keystone_domain { $heat_admin_domain:
+        ensure  => 'present',
+        enabled => true
+      }
+      keystone_user { "${heat_admin_user}::${heat_admin_domain}":
+        ensure   => 'present',
+        enabled  => true,
+        email    => $heat_admin_email,
+        password => $heat_admin_password
+      }
+      keystone_user_role { "${heat_admin_user}::${heat_admin_domain}@::${heat_admin_domain}":
+        roles   => ['admin'],
+        require => Class['::keystone::roles::admin']
       }
-      Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
     }
   }
 
@@ -176,6 +197,9 @@ class tripleo::profile::base::keystone (
     if hiera('aodh_api_enabled', false) {
       include ::aodh::keystone::auth
     }
+    if hiera('barbican_api_enabled', false) {
+      include ::barbican::keystone::auth
+    }
     if hiera('ceilometer_api_enabled', false) {
       include ::ceilometer::keystone::auth
     }