From 48146252c9130c1cc9eadbf09d0a80b841cbef72 Mon Sep 17 00:00:00 2001 From: Martin Mágr Date: Mon, 2 Mar 2015 11:04:20 +0100 Subject: Keystone domain for Heat This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. This patch won't be fully functional without either python-keystoneclient fix [1] or workaround [2]. [1] https://bugs.launchpad.net/python-keystoneclient/+bug/1452298 [2] https://review.openstack.org/180563 Change-Id: Ie9cdd518b299c141f0fdbb3441a7761c27321a88 Co-Authored-By: Jiri Stransky Depends-On: Ic541f11978908f9344e5590f3961f0d31c04bb0c --- puppet/manifests/overcloud_controller.pp | 17 +++++++++++++++++ puppet/manifests/overcloud_controller_pacemaker.pp | 10 ++++++++++ 2 files changed, 27 insertions(+) (limited to 'puppet/manifests') diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index ecab5b5a..87c339a7 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -638,6 +638,23 @@ if hiera('step') >= 4 { if $heat_enable_db_purge { include ::heat::cron::purge_deleted } + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + include ::keystone::roles::admin + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index abc0543f..bbba99e4 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -1825,6 +1825,16 @@ if hiera('step') >= 5 { class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::apache::params::service_name], } + include ::heat::keystone::domain + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + + } else { + # On non-master controller we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } } } #END STEP 5 -- cgit 1.2.3-korg