From 7313930c22b9f18d67e630de084ffcc6fad5ebe7 Mon Sep 17 00:00:00 2001
From: Martin Mágr
Date: Mon, 2 Mar 2015 11:04:20 +0100
Subject: Keystone domain for Heat

This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional.

Change-Id: I7397f49fac17c30262d02b70021d613aef5c6cad
---
 overcloud-without-mergepy.yaml | 4 ++--
 puppet/controller-puppet.yaml | 9 +++++++--
 puppet/hieradata/controller.yaml | 8 ++++++++
 puppet/manifests/overcloud_controller.pp | 4 ++++
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index cd684579..e0280eba 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -316,9 +316,9 @@ parameters:
 type: string
 hidden: true
 HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ default: unset
+ description: Password for heat_stack_domain_admin user.
 type: string
- default: ''
 hidden: true
 KeystoneCACertificate:
 default: ''
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 3c299895..18fd5cba 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -133,9 +133,9 @@ parameters:
 type: string
 hidden: true
 HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ default: unset
+ description: Password for heat_stack_domain_admin user.
 type: string
- default: ''
 hidden: true
 HeatAuthEncryptionKey:
 description: Auth encryption key for heat-engine
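Review bot: `default: unset` on HeatStackDomainAdminPassword means a stack that does not override the parameter carries the literal string `unset` as the password, and this commit is where that value presumably starts reaching a real account through `heat::keystone::domain::domain_password` (the input mapping is not visible here). The same default is added in the `@@ -133,9 +133,9 @@` hunk of puppet/controller-puppet.yaml. I would remove the `default:` line in both places so the parameter is required and stack creation fails when no password is supplied. If `unset` is a sentinel convention elsewhere in these templates, the description should say so, for example `description: Password for heat_stack_domain_admin user (must be overridden; the default is a placeholder).`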
@@ -702,8 +702,13 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::instance_user: heat-admin heat::debug: {get_input: debug} + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]} + heat::keystone::domain::keystone_password: {get_input: admin_password} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone + keystone::roles::admin::password: {get_input: admin_password} keystone::admin_token: {get_input: admin_token} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 47f358a9..1a74e0a8 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,8 @@ + # Hiera data here applies to all controller nodes +keystone::roles::admin::email: 'root@localhost' +keystone::roles::admin::admin_tenant: 'admin' + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -69,6 +73,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch heat::engine::heat_stack_user_role: '' heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::keystone::domain::keystone_admin: 'admin' +heat::keystone::domain::keystone_tenant: 'admin' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' mysql::server::manage_config_file: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 2b637b37..5a63456c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp 
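Review bot: The `heat::keystone::domain::auth_url` value in the `@@ -702,8 +702,13 @@` hunk hard-codes `http://` and `:35357/v2.0`, so the Keystone admin password and the domain admin password set on the next two lines are, as far as this hunk shows, presented to the admin endpoint over plain HTTP. Nothing in the hunk lets a TLS-enabled deployment change the scheme. Until the scheme comes from a template parameter, I would record the limitation beside the existing TO-DO: `# NOTE: plain-HTTP admin endpoint; admin and domain passwords are sent unencrypted to VirtualIP:35357`. The enclosing config map starts and ends outside the hunk.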
@@ -152,6 +152,7 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -339,6 +340,9 @@ if hiera('step') >= 3 { include ::heat::api_cfn include ::heat::api_cloudwatch include ::heat::engine + # TO-DO: Remove this class as soon as Keystone v3 will be fully functional + include ::heat::keystone::domain + Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create'] $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: -- cgit 1.2.3-korg
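Review bot: The ordering chain added in the `@@ -339,6 +340,9 @@` hunk ends in `Exec['heat_domain_create']`, a resource title that is not declared in this manifest and presumably lives inside `heat::keystone::domain`, so a rename in that module would break catalog compilation here. Ordering against the class keeps the intent without that coupling: `Service['keystone'] -> Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']`, assuming the class holds no resources that must be applied before Keystone is running. The new comment also writes `TO-DO` where the file's existing marker is `#TODO:`. The `if hiera('step') >= 3 {` block continues outside the hunk.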