aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/keystone.pp
AgeCommit message (Collapse)AuthorFilesLines
2016-08-05Remove keystone PKI cert generationSteven Hardy1-28/+0
We don't currently offer any parameter interface to enable PKI certs, and these have all been deprecated by keystone, so remove them. Change-Id: I8232262b928c91dcde7bea2f23fa2a7c2660719e
2016-07-18Make ::tripleo::profile::base classes work with multiple nodesMichele Baldessari1-16/+15
In the Next Generation HA architecture a number of active/active services will be run via systemd. In order for this to work we need to make sure that the sync_db operation only takes place on the bootstrap node, just like it is done today for the pacemaker profiles. We do this by removing sync_db as a parameter and instead set it to true or false depending if the hostname matches the bootstrap_node as it is done today in the pacemaker role. Note that we call hiera('bootstrap_nodeid', undef) because if a profile is included on a non controller node that variable will be undefined. The following testing was done: - HA puppet-pacemaker.yaml scenario with three computes - NonHA with one controller - NonHA with three controllers Fixes-Bug: 1600149 Co-Author: cmsj@tenshu.net Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e Implements: blueprint ha-lightweight-architecture
2016-06-18keystone: fix a race condition in bootstrapEmilien Macchi1-11/+6
Before, we had bootstrap_master set to 'undef' by default that was used to whether or not run keystone bootstrap exec during deployment. Setting the value to undef was a mistake, because enable_bootstrap in puppet-keystone is set to true by default, so bootstrap was running on all controllers at step 4 for HA scenario, while we want it to run on a single controller (pacemaker_master) at step 4, like we do for db-sync. This patch: * removes bootstrap_master. * re-use sync_db to whether or not run keystone bootstrap. so it will only run on a single node when database is ready and db-sync done (orchestration dones by anchors in puppet-keystone). Change-Id: I1042862f7c346d1c358b908c33eae0f33afd5e9f
2016-05-18Merge "Remove manage_service and enabled from TripleO manifests"Jenkins1-12/+0
2016-05-13Update keystone service name for signing keysAlex Schultz1-3/+3
Since keystone is being run under apache, the signing keys should notify apache and not the keystone service. The keystone service is actually disabled, so if the keys get updated nothing happens. Change-Id: Idfebeabf03d010956569c32b24437245e2b93c2a Related-Bug: #1581591
2016-05-09Remove manage_service and enabled from TripleO manifestsGiulio Fidente1-12/+0
These can be controlled via the specific Pacemaker role template. Depends-On: I91a4267f0fc230f63df3333747d28463c7ae55fe Change-Id: I8ef7bb94e048b998712b3534ceb51a7d10d016e9
2016-05-04Create dbs in step 3 for the rolesGiulio Fidente1-1/+1
Before the roles we could make the create db operation depend on a 'galera-ready' resource [1]. We can't do it anymore from the role so we need to do create in step 3, when we do sync as well. 1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/manifests/overcloud_controller_pacemaker.pp#L382 Change-Id: Id065a9180f1f1a41ab225ec5f755498ec7d9a827
2016-05-03Move databases creation and sync with the roleGiulio Fidente1-3/+7
This change moves the database creation and sync with the role profile, so that it's only executed when the role is enabled and by the role itself. It also calls the non-pacemaker profiles out of the 'step' conditional because the non-pacemaker profiles know how to deal with 'step' already. Change-Id: I6c752cb53090e7ef8e0319bade462f2453ed7660 Related-Bug: 1572952
2016-03-22Add keystone and db sync profilesMichael Chapman1-0/+118
Implements: blueprint refactor-puppet-manifests Add keystone profiles for both pacemaker and non-ha. Add db sync profiles for pacemaker and non-ha. HA profiles are designed such that they include the base profiles, disabling features as needed, while the base profile can be used independently. Change-Id: I2faf5a78db802549053ec41678bf83bf28108189