2 files changed, 52 insertions, 2 deletions

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 777af228..96302f2e 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -159,6 +159,8 @@ if hiera('step') >= 2 {
 if hiera('step') >= 3 {
 
   include ::keystone
+  include ::keystone::roles::admin
+  include ::keystone::endpoint
 
   #TODO: need a cleanup-keystone-tokens.sh solution here
   keystone_config {
@@ -482,6 +484,15 @@ if hiera('step') >= 3 {
 
 if hiera('step') >= 4 {
   include ::keystone::cron::token_flush
+
+  include ::ceilometer::keystone::auth
+  include ::cinder::keystone::auth
+  include ::glance::keystone::auth
+  include ::heat::keystone::auth
+  include ::neutron::keystone::auth
+  include ::nova::keystone::auth
+  include ::swift::keystone::auth
+
 } #END STEP 4
 
 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 9c610dc2..f8ef7212 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -918,7 +918,11 @@ if hiera('step') >= 4 {
 
     # Keystone
     pacemaker::resource::service { $::keystone::params::service_name :
-      clone_params => "interleave=true",
+      clone_params     => "interleave=true",
+      verify_on_create => true,
+      require          => [File['/etc/keystone/ssl/certs/ca.pem'],
+                           File['/etc/keystone/ssl/private/signing_key.pem'],
+                           File['/etc/keystone/ssl/certs/signing_cert.pem']],
     }
 
     pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
@@ -1052,7 +1056,6 @@ if hiera('step') >= 4 {
     # https://bugzilla.redhat.com/show_bug.cgi?id=1233061
     exec { '/usr/bin/systemctl start neutron-server && /usr/bin/sleep 5' : } ->
     pacemaker::resource::service { $::neutron::params::server_service:
-      op_params => "start timeout=90",
       clone_params   => "interleave=true",
       require => Pacemaker::Resource::Service[$::keystone::params::service_name]
     }
@@ -1553,5 +1556,41 @@ if hiera('step') >= 4 {
 
 } #END STEP 4
 
+if hiera('step') >= 5 {
+
+  if $pacemaker_master {
+
+    class {'::keystone::roles::admin' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class {'::keystone::endpoint' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::ceilometer::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::cinder::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::glance::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::heat::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::neutron::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::nova::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class { '::swift::keystone::auth' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    }
+
+  }
+
+} #END STEP 5
+
 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
 package_manifest{$package_manifest_name: ensure => present}