Specify default domain in fuel::keystone manifest

Since Kilo Keystone provides v3 API that allows
to organize users, groups, projects into domains.
This change specifies default domain
explicitly while calling ::keystone class and then
use this name while calling keystone_* resources.

Besides, we use here exec 'keystone-manage bootstrap || true'
which is necessary to pass deployment test. On CI we
use the version of keystone which does not provide
bootstrap command.

Change-Id: Ia6d9e3aede97643a6ceb1637e6777f2e6cd49ee7
Closes-Bug: #1555742

deployment/puppet/fuel/manifests/auth.pp

@@ -18,6 +18,7 @@ class fuel::auth(
   $auth_name        = $::fuel::params::keystone_nailgun_user,
   $password         = $::fuel::params::keystone_nailgun_password,
   $address          = $::fuel::params::keystone_host,
+  $keystone_domain  = $::fuel::params::keystone_domain,
   $internal_address = undef,
   $admin_address    = undef,
   $public_address   = undef,
@@ -46,23 +47,28 @@ class fuel::auth(
     ensure   => present,
     enabled  => 'True',
     password => $password,
+    domain   => $keystone_domain,
   }
 
   keystone_user_role { "${auth_name}@services":
-    ensure => present,
-    roles  => 'admin',
+    ensure         => present,
+    roles          => ['admin'],
+    user_domain    => $keystone_domain,
+    project_domain => $keystone_domain,
   }
 
   keystone_service { 'nailgun':
     ensure      => present,
     type        => 'fuel',
     description => 'Nailgun API',
-  }
+ }
 
   keystone_endpoint { "$region/nailgun":
     ensure       => present,
     public_url   => "http://${public_address_real}:${port}/api",
     admin_url    => "http://${admin_address_real}:${port}/api",
     internal_url => "http://${internal_address_real}:${port}/api",
+    type         => 'fuel',
+    require      => Keystone_Service['nailgun'],
   }
 }

deployment/puppet/fuel/manifests/keystone.pp

@@ -2,6 +2,7 @@ class fuel::keystone (
   $host              = $::fuel::params::keystone_host,
   $port              = $::fuel::params::keystone_port,
   $admin_port        = $::fuel::params::keystone_admin_port,
+  $keystone_domain   = $::fuel::params::keystone_domain,
 
   $db_engine         = $::fuel::params::db_engine,
   $db_host           = $::fuel::params::db_host,
@@ -32,12 +33,20 @@ class fuel::keystone (
   class { '::keystone':
     # (TODO iberezovskiy): Set 'enable_bootstrap' to true when MOS packages will
     # be updated and 'keystone-manage bootstrap' command will be available
-    enable_bootstrap => false,
-    admin_token      => $admin_token,
-    catalog_type     => 'sql',
-    database_connection   => "${db_engine}://${db_user}:${db_password}@${db_host}:${db_port}/${db_name}",
-    token_expiration => 86400,
-    token_provider   => 'keystone.token.providers.uuid.Provider',
+    enable_bootstrap     => false,
+    admin_token          => $admin_token,
+    catalog_type         => 'sql',
+    database_connection  => "${db_engine}://${db_user}:${db_password}@${db_host}:${db_port}/${db_name}",
+    token_expiration     => 86400,
+    token_provider       => 'keystone.token.providers.uuid.Provider',
+    default_domain       => $keystone_domain,
+  }
+
+  # FIXME(kozhukalov): Remove this hack and use enable_bootstrap instead
+  # once patch is merged and test envs are updated with the ISO
+  # that contains Mitaka keystone rpm package.
+  Exec <| title == 'keystone-manage bootstrap' |> {
+    command => "keystone-manage bootstrap --bootstrap-password ${admin_token} || true"
   }
 
   #FIXME(mattymo): We should enable db_sync on every run inside keystone,
@@ -51,12 +60,14 @@ class fuel::keystone (
   keystone_tenant { 'admin':
     ensure  => present,
     enabled => 'True',
+    domain  => $keystone_domain,
   }
 
   keystone_tenant { 'services':
     ensure      => present,
     enabled     => 'True',
     description => 'fuel services tenant',
+    domain      => $keystone_domain,
   }
 
   # Creating roles
@@ -76,12 +87,15 @@ class fuel::keystone (
     password        => $admin_password,
     enabled         => 'True',
     replace_password => false,
+    domain          => $keystone_domain,
   }
 
   # assigning role 'admin' to user 'admin' in tenant 'admin'
   keystone_user_role { "${admin_user}@admin":
-    ensure  => present,
-    roles   => ['admin'],
+    ensure         => present,
+    roles          => ['admin'],
+    user_domain    => $keystone_domain,
+    project_domain => $keystone_domain,
   }
 
   # Monitord user
@@ -90,11 +104,14 @@ class fuel::keystone (
     password => $monitord_password,
     enabled  => 'True',
     email    => 'monitord@localhost',
+    domain   => $keystone_domain,
   }
 
   keystone_user_role { "${monitord_user}@services":
-    ensure  => present,
-    roles   => ['monitoring'],
+    ensure         => present,
+    roles          => ['monitoring'],
+    user_domain    => $keystone_domain,
+    project_domain => $keystone_domain,
   }
 
   # Keystone Endpoint
@@ -106,16 +123,18 @@ class fuel::keystone (
 
   # Nailgun
   class { 'fuel::auth':
-    auth_name => $nailgun_user,
-    password  => $nailgun_password,
-    address   => $host,
+    auth_name       => $nailgun_user,
+    password        => $nailgun_password,
+    address         => $host,
+    keystone_domain => $keystone_domain,
   }
 
   # OSTF
   class { 'fuel::ostf::auth':
-    auth_name => $ostf_user,
-    password  => $ostf_password,
-    address   => $host,
+    auth_name       => $ostf_user,
+    password        => $ostf_password,
+    address         => $host,
+    keystone_domain => $keystone_domain,
   }
 
   service { 'crond':

deployment/puppet/fuel/manifests/ostf/auth.pp

@@ -18,6 +18,7 @@ class fuel::ostf::auth (
   $auth_name        = $::fuel::params::keystone_ostf_user,
   $password         = $::fuel::params::keystone_ostf_password,
   $address          = $::fuel::params::keystone_host,
+  $keystone_domain  = $::fuel::params::keystone_domain,
   $internal_address = undef,
   $admin_address    = undef,
   $public_address   = undef,
@@ -46,11 +47,14 @@ class fuel::ostf::auth (
     ensure   => present,
     enabled  => 'True',
     password => $password,
+    domain   => $keystone_domain,
   }
 
   keystone_user_role { "${auth_name}@services":
-    ensure => present,
-    roles  => 'admin',
+    ensure         => present,
+    roles          => ['admin'],
+    user_domain    => $keystone_domain,
+    project_domain => $keystone_domain,
   }
 
   keystone_service { 'ostf':
@@ -64,5 +68,7 @@ class fuel::ostf::auth (
     public_url   => "http://${public_address_real}:${port}/ostf",
     admin_url    => "http://${admin_address_real}:${port}/ostf",
     internal_url => "http://${internal_address_real}:${port}/ostf",
+    type         => 'ostf',
+    require      => Keystone_Service['ostf'],
   }
 }

deployment/puppet/fuel/manifests/params.pp

@@ -21,6 +21,7 @@ class fuel::params {
   $keystone_host              = '127.0.0.1'
   $keystone_port              = '5000'
   $keystone_admin_port        = '35357'
+  $keystone_domain            = 'fuel'
 
   $keystone_admin_user        = 'admin'
   $keystone_admin_password    = 'admin'