From f161c8435a4ff6e3d4ed3798351092d03d2cd4ac Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Wed, 4 Nov 2015 16:55:34 +0000 Subject: Revert "Manage keystone initialization directly in t-h-t manifests" This reverts commit 86d6c1ddc76bad423194e789ffb5474e4e12960e. This likely has an impact on upgrades, and since we don't have an upgrade CI job yet I'm concerned that we may have just broken ourselves. I would prefer to wait to merge this until the CI job is in place. Change-Id: Ib2366cb4b40471a28122f6e9955da9bdb31a53fb --- puppet/controller.yaml | 249 +-------------------- puppet/hieradata/controller.yaml | 12 - puppet/manifests/overcloud_controller.pp | 9 - puppet/manifests/overcloud_controller_pacemaker.pp | 21 -- 4 files changed, 2 insertions(+), 289 deletions(-) diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 009199d4..4504428d 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -727,24 +727,6 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' - heat_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' - heat_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8004/v1/%(tenant_id)s' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} @@ -777,42 +759,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' - cinder_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v1/%(tenant_id)s' - cinder_public_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_internal_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' - cinder_admin_url_v2: - list_join: - - '' - - - 'http://' - - {get_param: CinderApiVirtualIP} - - ':8776/v2/%(tenant_id)s' glance_port: {get_param: GlancePort} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} @@ -965,19 +911,7 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':9696' - neutron_admin_url: + neutron_url: list_join: - '' - - 'http://' @@ -1006,24 +940,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' - ceilometer_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8777' - ceilometer_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' - ceilometer_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: CeilometerApiVirtualIP} - - ':8777' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_password: {get_param: NovaPassword} @@ -1035,60 +951,6 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' - nova_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v2/%(tenant_id)s' - nova_v3_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8774/v3' - nova_v3_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_v3_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8774/v3' - nova_ec2_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8773/services/Cloud' - nova_ec2_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Cloud' - nova_ec2_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: NovaApiVirtualIP} - - ':8773/services/Admin' fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1118,42 +980,6 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_internal_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080/v1/AUTH_%(tenant_id)s' - swift_admin_url: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_public_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: PublicVirtualIP} - - ':8080' - swift_internal_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' - swift_admin_url_s3: - list_join: - - '' - - - 'http://' - - {get_param: SwiftProxyVirtualIP} - - ':8080' enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -1171,30 +997,6 @@ resources: - ':' - {get_param: GlancePort} glance_registry_host: {get_param: GlanceRegistryVirtualIP} - glance_public_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: PublicVirtualIP} - - ':' - - {get_param: GlancePort} - glance_internal_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} - glance_admin_url: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1281,14 +1083,6 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # NOTE(dprince): build_ring support is currently not wired in. # See: https://review.openstack.org/#/c/109225/ @@ -1316,14 +1110,6 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} - cinder::keystone::auth::public_url: {get_input: cinder_public_url } - cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } - cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } - cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } - cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } - cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } - cinder::keystone::auth::password: {get_input: cinder_password } - cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_port: {get_input: glance_port} @@ -1348,11 +1134,6 @@ resources: glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} - glance::keystone::auth::public_url: {get_input: glance_public_url } - glance::keystone::auth::internal_url: {get_input: glance_internal_url } - glance::keystone::auth::admin_url: {get_input: glance_admin_url } - glance::keystone::auth::password: {get_input: glance_password } - glance::keystone::auth::region: {get_input: keystone_region} glance_file_pcmk_device: {get_input: glance_file_pcmk_device} glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} @@ -1378,11 +1159,6 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} - heat::keystone::auth::public_url: {get_input: heat_public_url } - heat::keystone::auth::internal_url: {get_input: heat_internal_url } - heat::keystone::auth::admin_url: {get_input: heat_admin_url } - heat::keystone::auth::password: {get_input: heat_password } - heat::keystone::auth::region: {get_input: keystone_region} # Keystone keystone::admin_token: {get_input: admin_token} @@ -1464,11 +1240,6 @@ resources: neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} - neutron::keystone::auth::public_url: {get_input: neutron_public_url } - neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } - neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } - neutron::keystone::auth::password: {get_input: neutron_password } - neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -1487,11 +1258,6 @@ resources: ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} - ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } - ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } - ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } - ceilometer::keystone::auth::password: {get_input: ceilometer_password } - ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1510,21 +1276,10 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} + nova::network::neutron::neutron_url: {get_input: neutron_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} - nova::keystone::auth::public_url: {get_input: nova_public_url} - nova::keystone::auth::internal_url: {get_input: nova_internal_url} - nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url} - nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url} - nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url} - nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} - nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} - nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} - nova::keystone::auth::password: {get_input: nova_password } - nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::ip: {get_input: horizon_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 07bfe543..81ee7cfb 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -39,13 +39,6 @@ cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' -glance::keystone::auth::tenant: 'service' -nova::keystone::auth::tenant: 'service' -neutron::keystone::auth::tenant: 'service' -cinder::keystone::auth::tenant: 'service' -swift::keystone::auth::tenant: 'service' -ceilometer::keystone::auth::tenant: 'service' -heat::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -67,10 +60,6 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true -swift::keystone::auth::configure_s3_endpoint: false -swift::keystone::auth::operator_roles: - - admin - - swiftoperator # glance glance::api::pipeline: 'keystone' @@ -88,7 +77,6 @@ nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true nova::scheduler::filter::ram_allocation_ratio: '1.0' -nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 96302f2e..813309e4 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -484,15 +484,6 @@ if hiera('step') >= 3 { if hiera('step') >= 4 { include ::keystone::cron::token_flush - - include ::ceilometer::keystone::auth - include ::cinder::keystone::auth - include ::glance::keystone::auth - include ::heat::keystone::auth - include ::neutron::keystone::auth - include ::nova::keystone::auth - include ::swift::keystone::auth - } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 462530e9..71811563 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -1557,27 +1557,6 @@ if hiera('step') >= 5 { } -> class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::ceilometer::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::cinder::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::glance::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::heat::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::neutron::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::nova::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], - } -> - class { '::swift::keystone::auth' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], } } -- cgit 1.2.3-korg