Specify default domain in fuel::keystone manifest
Since Kilo, Keystone provides the v3 API, which allows users, groups and projects to be organized into domains. This change specifies the default domain explicitly when calling the ::keystone class and then uses this name when calling keystone_* resources. In addition, we use the exec 'keystone-manage bootstrap || true' here, which is necessary to pass the deployment test: on CI we use a version of keystone which does not provide the bootstrap command. Change-Id: Ia6d9e3aede97643a6ceb1637e6777f2e6cd49ee7 Closes-Bug: #1555742
parent
7ffaea78d5
commit
798e730f6f
|
@ -18,6 +18,7 @@ class fuel::auth(
|
|||
$auth_name = $::fuel::params::keystone_nailgun_user,
|
||||
$password = $::fuel::params::keystone_nailgun_password,
|
||||
$address = $::fuel::params::keystone_host,
|
||||
$keystone_domain = $::fuel::params::keystone_domain,
|
||||
$internal_address = undef,
|
||||
$admin_address = undef,
|
||||
$public_address = undef,
|
||||
|
@ -46,23 +47,28 @@ class fuel::auth(
|
|||
ensure => present,
|
||||
enabled => 'True',
|
||||
password => $password,
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_user_role { "${auth_name}@services":
|
||||
ensure => present,
|
||||
roles => 'admin',
|
||||
ensure => present,
|
||||
roles => ['admin'],
|
||||
user_domain => $keystone_domain,
|
||||
project_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_service { 'nailgun':
|
||||
ensure => present,
|
||||
type => 'fuel',
|
||||
description => 'Nailgun API',
|
||||
}
|
||||
}
|
||||
|
||||
keystone_endpoint { "$region/nailgun":
|
||||
ensure => present,
|
||||
public_url => "http://${public_address_real}:${port}/api",
|
||||
admin_url => "http://${admin_address_real}:${port}/api",
|
||||
internal_url => "http://${internal_address_real}:${port}/api",
|
||||
type => 'fuel',
|
||||
require => Keystone_Service['nailgun'],
|
||||
}
|
||||
}
|
||||
|
|
|
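Review bot: The new `$keystone_domain` parameter of fuel::auth has no description in the visible hunks, so a reader cannot tell that it selects the Keystone v3 domain for both the user and the role assignment. If the class has a parameter doc header (it would sit above the first hunk), add an entry such as `# [*keystone_domain*] Keystone v3 domain in which the service user and its role assignment on the 'services' project are created. Defaults to $::fuel::params::keystone_domain.` The same entry is missing for the parameter added to fuel::keystone and fuel::ostf::auth. Because `user_domain` and `project_domain` always receive the same value, it is also worth stating there that cross-domain assignments are not supported by this class.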
@ -2,6 +2,7 @@ class fuel::keystone (
|
|||
$host = $::fuel::params::keystone_host,
|
||||
$port = $::fuel::params::keystone_port,
|
||||
$admin_port = $::fuel::params::keystone_admin_port,
|
||||
$keystone_domain = $::fuel::params::keystone_domain,
|
||||
|
||||
$db_engine = $::fuel::params::db_engine,
|
||||
$db_host = $::fuel::params::db_host,
|
||||
|
@ -32,12 +33,20 @@ class fuel::keystone (
|
|||
class { '::keystone':
|
||||
# (TODO iberezovskiy): Set 'enable_bootstrap' to true when MOS packages will
|
||||
# be updated and 'keystone-manage bootstrap' command will be available
|
||||
enable_bootstrap => false,
|
||||
admin_token => $admin_token,
|
||||
catalog_type => 'sql',
|
||||
database_connection => "${db_engine}://${db_user}:${db_password}@${db_host}:${db_port}/${db_name}",
|
||||
token_expiration => 86400,
|
||||
token_provider => 'keystone.token.providers.uuid.Provider',
|
||||
enable_bootstrap => false,
|
||||
admin_token => $admin_token,
|
||||
catalog_type => 'sql',
|
||||
database_connection => "${db_engine}://${db_user}:${db_password}@${db_host}:${db_port}/${db_name}",
|
||||
token_expiration => 86400,
|
||||
token_provider => 'keystone.token.providers.uuid.Provider',
|
||||
default_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# FIXME(kozhukalov): Remove this hack and use enable_bootstrap instead
|
||||
# once patch is merged and test envs are updated with the ISO
|
||||
# that contains Mitaka keystone rpm package.
|
||||
Exec <| title == 'keystone-manage bootstrap' |> {
|
||||
command => "keystone-manage bootstrap --bootstrap-password ${admin_token} || true"
|
||||
}
|
||||
|
||||
#FIXME(mattymo): We should enable db_sync on every run inside keystone,
|
||||
|
@ -51,12 +60,14 @@ class fuel::keystone (
|
|||
keystone_tenant { 'admin':
|
||||
ensure => present,
|
||||
enabled => 'True',
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_tenant { 'services':
|
||||
ensure => present,
|
||||
enabled => 'True',
|
||||
description => 'fuel services tenant',
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# Creating roles
|
||||
|
@ -76,12 +87,15 @@ class fuel::keystone (
|
|||
password => $admin_password,
|
||||
enabled => 'True',
|
||||
replace_password => false,
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# assigning role 'admin' to user 'admin' in tenant 'admin'
|
||||
keystone_user_role { "${admin_user}@admin":
|
||||
ensure => present,
|
||||
roles => ['admin'],
|
||||
ensure => present,
|
||||
roles => ['admin'],
|
||||
user_domain => $keystone_domain,
|
||||
project_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# Monitord user
|
||||
|
@ -90,11 +104,14 @@ class fuel::keystone (
|
|||
password => $monitord_password,
|
||||
enabled => 'True',
|
||||
email => 'monitord@localhost',
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_user_role { "${monitord_user}@services":
|
||||
ensure => present,
|
||||
roles => ['monitoring'],
|
||||
ensure => present,
|
||||
roles => ['monitoring'],
|
||||
user_domain => $keystone_domain,
|
||||
project_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# Keystone Endpoint
|
||||
|
@ -106,16 +123,18 @@ class fuel::keystone (
|
|||
|
||||
# Nailgun
|
||||
class { 'fuel::auth':
|
||||
auth_name => $nailgun_user,
|
||||
password => $nailgun_password,
|
||||
address => $host,
|
||||
auth_name => $nailgun_user,
|
||||
password => $nailgun_password,
|
||||
address => $host,
|
||||
keystone_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
# OSTF
|
||||
class { 'fuel::ostf::auth':
|
||||
auth_name => $ostf_user,
|
||||
password => $ostf_password,
|
||||
address => $host,
|
||||
auth_name => $ostf_user,
|
||||
password => $ostf_password,
|
||||
address => $host,
|
||||
keystone_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
service { 'crond':
|
||||
|
|
|
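Review bot: The overridden exec `command => "keystone-manage bootstrap --bootstrap-password ${admin_token} || true"` puts the admin token on the command line, where it can be read from the process list and may end up in Puppet debug output or reports. The `|| true` also hides every failure of the command, not only the missing subcommand on the CI keystone build. keystone-manage bootstrap can take the password from the environment instead, so the override could be `command => 'keystone-manage bootstrap || true',` with `environment => "OS_BOOTSTRAP_PASSWORD=${admin_token}",` (check that this does not replace an environment the upstream exec already sets). Where bootstrap does run, it presumably creates the admin user with the token as its password, and the later keystone_user with `replace_password => false` would then leave that password in place; please confirm this is intended. The class body continues outside these hunks.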
@ -18,6 +18,7 @@ class fuel::ostf::auth (
|
|||
$auth_name = $::fuel::params::keystone_ostf_user,
|
||||
$password = $::fuel::params::keystone_ostf_password,
|
||||
$address = $::fuel::params::keystone_host,
|
||||
$keystone_domain = $::fuel::params::keystone_domain,
|
||||
$internal_address = undef,
|
||||
$admin_address = undef,
|
||||
$public_address = undef,
|
||||
|
@ -46,11 +47,14 @@ class fuel::ostf::auth (
|
|||
ensure => present,
|
||||
enabled => 'True',
|
||||
password => $password,
|
||||
domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_user_role { "${auth_name}@services":
|
||||
ensure => present,
|
||||
roles => 'admin',
|
||||
ensure => present,
|
||||
roles => ['admin'],
|
||||
user_domain => $keystone_domain,
|
||||
project_domain => $keystone_domain,
|
||||
}
|
||||
|
||||
keystone_service { 'ostf':
|
||||
|
@ -64,5 +68,7 @@ class fuel::ostf::auth (
|
|||
public_url => "http://${public_address_real}:${port}/ostf",
|
||||
admin_url => "http://${admin_address_real}:${port}/ostf",
|
||||
internal_url => "http://${internal_address_real}:${port}/ostf",
|
||||
type => 'ostf',
|
||||
require => Keystone_Service['ostf'],
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,6 +21,7 @@ class fuel::params {
|
|||
$keystone_host = '127.0.0.1'
|
||||
$keystone_port = '5000'
|
||||
$keystone_admin_port = '35357'
|
||||
$keystone_domain = 'fuel'
|
||||
|
||||
$keystone_admin_user = 'admin'
|
||||
$keystone_admin_password = 'admin'
|
||||
|
|