1 files changed, 26 insertions, 21 deletions

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 632d9b0b..58b2b7bf 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Keystone service configured with Puppet
@@ -119,27 +119,27 @@ parameters:
         Cron to purge expired tokens - Ensure
     default: 'present'
   KeystoneCronTokenFlushMinute:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Minute
     default: '1'
   KeystoneCronTokenFlushHour:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Hour
-    default: '0'
+    default: '*'
   KeystoneCronTokenFlushMonthday:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Month Day
     default: '*'
   KeystoneCronTokenFlushMonth:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Month
     default: '*'
   KeystoneCronTokenFlushWeekday:
-    type: string
+    type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Week Day
     default: '*'
@@ -202,15 +202,15 @@ outputs:
         map_merge:
           - get_attr: [ApacheServiceBase, role_data, config_settings]
           - keystone::database_connection:
-              list_join:
-                - ''
-                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-                  - '://keystone:'
-                  - {get_param: AdminToken}
-                  - '@'
-                  - {get_param: [EndpointMap, MysqlInternal, host]}
-                  - '/keystone'
-                  - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+              make_url:
+                scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+                username: keystone
+                password: {get_param: AdminToken}
+                host: {get_param: [EndpointMap, MysqlInternal, host]}
+                path: /keystone
+                query:
+                  read_default_file: /etc/my.cnf.d/tripleo.cnf
+                  read_default_group: tripleo
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}
@@ -339,10 +339,15 @@ outputs:
             horizon::keystone_multidomain_support: true
             horizon::keystone_default_domain: 'Default'
           - {}
-      # Ansible tasks to handle upgrade
-      upgrade_tasks:
-        - name: Stop keystone service (running under httpd)
-          tags: step1
-          service: name=httpd state=stopped
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
+      upgrade_tasks:
+        yaql:
+          expression: $.data.apache_upgrade + $.data.keystone_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            keystone_upgrade:
+              - name: Stop keystone service (running under httpd)
+                tags: step1
+                service: name=httpd state=stopped