diff options
author | Martin Mágr <mmagr@redhat.com> | 2015-03-02 11:04:20 +0100 |
---|---|---|
committer | Martin Mágr <mmagr@redhat.com> | 2015-04-22 12:37:23 +0200 |
commit | 7313930c22b9f18d67e630de084ffcc6fad5ebe7 (patch) | |
tree | ec2f19845f591d17e7835285750b7b7d6fc3bd48 | |
parent | 0c14b2ad3e0114ffa0aa9514cdfe3dd9d9d212a8 (diff) |
Keystone domain for Heat
This patch adds support for configuring Keystone domain for Heat
via heat-keystone-setup-domain script. It should be reverted
as soon as Keystone v3 is fully functional.
Change-Id: I7397f49fac17c30262d02b70021d613aef5c6cad
-rw-r--r-- | overcloud-without-mergepy.yaml | 4 | ||||
-rw-r--r-- | puppet/controller-puppet.yaml | 9 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 8 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 4 |
4 files changed, 21 insertions, 4 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index cd684579..e0280eba 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -316,9 +316,9 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + default: unset + description: Password for heat_stack_domain_admin user. type: string - default: '' hidden: true KeystoneCACertificate: default: '' diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 3c299895..18fd5cba 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -133,9 +133,9 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + default: unset + description: Password for heat_stack_domain_admin user. type: string - default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine @@ -702,8 +702,13 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::instance_user: heat-admin heat::debug: {get_input: debug} + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]} + heat::keystone::domain::keystone_password: {get_input: admin_password} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone + keystone::roles::admin::password: {get_input: admin_password} keystone::admin_token: {get_input: admin_token} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 47f358a9..1a74e0a8 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,8 @@ + # Hiera data here applies to all controller nodes +keystone::roles::admin::email: 'root@localhost' +keystone::roles::admin::admin_tenant: 'admin' + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -69,6 +73,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch heat::engine::heat_stack_user_role: '' heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::keystone::domain::keystone_admin: 'admin' +heat::keystone::domain::keystone_tenant: 'admin' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' mysql::server::manage_config_file: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 2b637b37..5a63456c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -152,6 +152,7 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -339,6 +340,9 @@ if hiera('step') >= 3 { include ::heat::api_cfn include ::heat::api_cloudwatch include ::heat::engine + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + include ::heat::keystone::domain + Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create'] $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: |