summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Mágr <mmagr@redhat.com>2015-03-02 11:04:20 +0100
committerMartin Mágr <mmagr@redhat.com>2015-04-22 12:37:23 +0200
commit7313930c22b9f18d67e630de084ffcc6fad5ebe7 (patch)
treeec2f19845f591d17e7835285750b7b7d6fc3bd48
parent0c14b2ad3e0114ffa0aa9514cdfe3dd9d9d212a8 (diff)
Keystone domain for Heat
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. Change-Id: I7397f49fac17c30262d02b70021d613aef5c6cad
-rw-r--r--overcloud-without-mergepy.yaml4
-rw-r--r--puppet/controller-puppet.yaml9
-rw-r--r--puppet/hieradata/controller.yaml8
-rw-r--r--puppet/manifests/overcloud_controller.pp4
4 files changed, 21 insertions, 4 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index cd684579..e0280eba 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -316,9 +316,9 @@ parameters:
type: string
hidden: true
HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ default: unset
+ description: Password for heat_stack_domain_admin user.
type: string
- default: ''
hidden: true
KeystoneCACertificate:
default: ''
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 3c299895..18fd5cba 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -133,9 +133,9 @@ parameters:
type: string
hidden: true
HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ default: unset
+ description: Password for heat_stack_domain_admin user.
type: string
- default: ''
hidden: true
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
@@ -702,8 +702,13 @@ resources:
heat::database_connection: {get_input: heat_dsn}
heat::instance_user: heat-admin
heat::debug: {get_input: debug}
+ # TO-DO: Remove this class as soon as Keystone v3 will be fully functional
+ heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]}
+ heat::keystone::domain::keystone_password: {get_input: admin_password}
+ heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
# Keystone
+ keystone::roles::admin::password: {get_input: admin_password}
keystone::admin_token: {get_input: admin_token}
keystone_ca_certificate: {get_input: keystone_ca_certificate}
keystone_signing_key: {get_input: keystone_signing_key}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 47f358a9..1a74e0a8 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,4 +1,8 @@
+
# Hiera data here applies to all controller nodes
+keystone::roles::admin::email: 'root@localhost'
+keystone::roles::admin::admin_tenant: 'admin'
+
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
@@ -69,6 +73,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch
heat::engine::heat_stack_user_role: ''
heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
+heat::keystone::domain::keystone_admin: 'admin'
+heat::keystone::domain::keystone_tenant: 'admin'
+heat::keystone::domain::domain_name: 'heat_stack'
+heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
mysql::server::manage_config_file: true
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 2b637b37..5a63456c 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -152,6 +152,7 @@ if hiera('step') >= 2 {
if hiera('step') >= 3 {
include ::keystone
+ include ::keystone::roles::admin
#TODO: need a cleanup-keystone-tokens.sh solution here
keystone_config {
@@ -339,6 +340,9 @@ if hiera('step') >= 3 {
include ::heat::api_cfn
include ::heat::api_cloudwatch
include ::heat::engine
+ # TO-DO: Remove this class as soon as Keystone v3 will be fully functional
+ include ::heat::keystone::domain
+ Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create']
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user: