diff options
| author |   Yanis Guenane <yguenane@redhat.com> | 2015-10-02 12:18:08 +0200 |
|---|---|---|
| committer |   Giulio Fidente <gfidente@redhat.com> | 2015-11-03 11:48:03 +0100 |
| commit | b60e8f79a26564b567f7620727428da50d7815b5 (patch) | |
| tree | 0a1fdb8d66d1dcf973a123c569a6c031c171e791 /puppet/manifests | |
| parent | 04327663a90fdb2caa963b21072e599a66e61d05 (diff) | |
Create keystone roles and admin user from t-h-t manifests
Currently keystone initialization happens via os-cloud-config [1].
This commit moves some of that directly into the manifests. This is the
first in a series of two changes to migrate it entirely into t-h-t.
This change focus on implementing what keystone.initialize() was doing
on the tripleoclient [2], creates the admin tenant, user and roles.
It also creates the keystone endpoint itself.
1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L128-L158
2. https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L462-L527
Change-Id: I98555b707ff9b91c6e218de5dca68106ea05c8ea
Depends-On: Ia4b3244f114dcff746ab89d355ad4933f8fdbddf
Diffstat (limited to 'puppet/manifests')
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 2 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 777af228..813309e4 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -159,6 +159,8 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin + include ::keystone::endpoint #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 38ee9c39..71811563 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -919,7 +919,11 @@ if hiera('step') >= 4 { # Keystone pacemaker::resource::service { $::keystone::params::service_name : - clone_params => "interleave=true", + clone_params => "interleave=true", + verify_on_create => true, + require => [File['/etc/keystone/ssl/certs/ca.pem'], + File['/etc/keystone/ssl/private/signing_key.pem'], + File['/etc/keystone/ssl/certs/signing_cert.pem']], } pacemaker::constraint::base { 'haproxy-then-keystone-constraint': @@ -1544,5 +1548,20 @@ if hiera('step') >= 4 { } #END STEP 4 +if hiera('step') >= 5 { + + if $pacemaker_master { + + class {'::keystone::roles::admin' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } -> + class {'::keystone::endpoint' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } + + } + +} #END STEP 5 + $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} |