From b60e8f79a26564b567f7620727428da50d7815b5 Mon Sep 17 00:00:00 2001
From: Yanis Guenane <yguenane@redhat.com>
Date: Fri, 2 Oct 2015 12:18:08 +0200
Subject: Create keystone roles and admin user from t-h-t manifests

Currently keystone initialization happens via os-cloud-config [1].

This commit moves some of that directly into the manifests. This is the
first in a series of two changes to migrate it entirely into t-h-t.

This change focus on implementing what keystone.initialize() was doing
on the tripleoclient [2], creates the admin tenant, user and roles.

It also creates the keystone endpoint itself.

1.  https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L128-L158
2.  https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L462-L527

Change-Id: I98555b707ff9b91c6e218de5dca68106ea05c8ea
Depends-On: Ia4b3244f114dcff746ab89d355ad4933f8fdbddf
---
 puppet/manifests/overcloud_controller_pacemaker.pp | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'puppet/manifests/overcloud_controller_pacemaker.pp')

diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 38ee9c39..71811563 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -919,7 +919,11 @@ if hiera('step') >= 4 {
 
     # Keystone
     pacemaker::resource::service { $::keystone::params::service_name :
-      clone_params => "interleave=true",
+      clone_params     => "interleave=true",
+      verify_on_create => true,
+      require          => [File['/etc/keystone/ssl/certs/ca.pem'],
+                           File['/etc/keystone/ssl/private/signing_key.pem'],
+                           File['/etc/keystone/ssl/certs/signing_cert.pem']],
     }
 
     pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
@@ -1544,5 +1548,20 @@ if hiera('step') >= 4 {
 
 } #END STEP 4
 
+if hiera('step') >= 5 {
+
+  if $pacemaker_master {
+
+    class {'::keystone::roles::admin' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    } ->
+    class {'::keystone::endpoint' :
+      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+    }
+
+  }
+
+} #END STEP 5
+
 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
 package_manifest{$package_manifest_name: ensure => present}
-- 
cgit 1.2.3-korg