diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/controller-puppet.yaml | 9 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 8 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 4 |
3 files changed, 19 insertions, 2 deletions
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 3c299895..18fd5cba 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -133,9 +133,9 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + default: unset + description: Password for heat_stack_domain_admin user. type: string - default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine @@ -702,8 +702,13 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::instance_user: heat-admin heat::debug: {get_input: debug} + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]} + heat::keystone::domain::keystone_password: {get_input: admin_password} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone + keystone::roles::admin::password: {get_input: admin_password} keystone::admin_token: {get_input: admin_token} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 47f358a9..1a74e0a8 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,8 @@ + # Hiera data here applies to all controller nodes +keystone::roles::admin::email: 'root@localhost' +keystone::roles::admin::admin_tenant: 'admin' + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -69,6 +73,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch heat::engine::heat_stack_user_role: '' heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::keystone::domain::keystone_admin: 'admin' +heat::keystone::domain::keystone_tenant: 'admin' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' mysql::server::manage_config_file: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 2b637b37..5a63456c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -152,6 +152,7 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -339,6 +340,9 @@ if hiera('step') >= 3 { include ::heat::api_cfn include ::heat::api_cloudwatch include ::heat::engine + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + include ::heat::keystone::domain + Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create'] $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: |