diff options
| -rw-r--r-- | overcloud-without-mergepy.yaml | 4 | ||||
| -rw-r--r-- | puppet/controller-puppet.yaml | 9 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 8 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 4 |
4 files changed, 21 insertions, 4 deletions
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index fce322c8..834dda2b 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -337,9 +337,9 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + default: unset + description: Password for heat_stack_domain_admin user. type: string - default: '' hidden: true KeystoneCACertificate: default: '' diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index e9195912..80b790d5 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -154,9 +154,9 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + default: unset + description: Password for heat_stack_domain_admin user. type: string - default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine @@ -740,8 +740,13 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::instance_user: heat-admin heat::debug: {get_input: debug} + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]} + heat::keystone::domain::keystone_password: {get_input: admin_password} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone + keystone::roles::admin::password: {get_input: admin_password} keystone::admin_token: {get_input: admin_token} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 5cf9f350..421bbdfb 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,8 @@ + # Hiera data here applies to all controller nodes +keystone::roles::admin::email: 'root@localhost' +keystone::roles::admin::admin_tenant: 'admin' + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -76,6 +80,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch heat::engine::heat_stack_user_role: '' heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::keystone::domain::keystone_admin: 'admin' +heat::keystone::domain::keystone_tenant: 'admin' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 6e8bf5a7..9f385a1d 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -260,6 +260,7 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -461,6 +462,9 @@ if hiera('step') >= 3 { include ::heat::api_cfn include ::heat::api_cloudwatch include ::heat::engine + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + include ::heat::keystone::domain + Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create'] $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: |