Merge "Move admin user and openrc up so that its not relied on"
This commit is contained in:
commit
ed68c7270a
@ -78,9 +78,6 @@ class openstack::controller (
|
||||
# Required Database
|
||||
$mysql_root_password = 'sql_pass',
|
||||
$custom_mysql_setup_class = undef,
|
||||
$admin_email = 'some_user@some_fake_email_address.foo',
|
||||
$admin_user = 'admin',
|
||||
$admin_password = 'ChangeMe',
|
||||
$keystone_db_password = 'keystone_pass',
|
||||
$keystone_admin_token = 'keystone_admin_token',
|
||||
# Required Glance
|
||||
@ -276,10 +273,6 @@ class openstack::controller (
|
||||
db_name => $keystone_db_dbname,
|
||||
db_user => $keystone_db_user,
|
||||
admin_token => $keystone_admin_token,
|
||||
admin_tenant => $keystone_admin_tenant,
|
||||
admin_email => $admin_email,
|
||||
admin_user => $admin_user,
|
||||
admin_password => $admin_password,
|
||||
public_address => $public_address,
|
||||
internal_address => $internal_address,
|
||||
admin_address => $admin_address,
|
||||
@ -546,13 +539,6 @@ class openstack::controller (
|
||||
master_ip => hiera('master_ip'),
|
||||
}
|
||||
|
||||
class { 'openstack::auth_file':
|
||||
admin_user => $admin_user,
|
||||
admin_password => $admin_password,
|
||||
admin_tenant => $keystone_admin_tenant,
|
||||
controller_node => $internal_address,
|
||||
}
|
||||
|
||||
####### Disable upstart startup on install #######
|
||||
if($::operatingsystem == 'Ubuntu') {
|
||||
tweaks::ubuntu_service_override { 'glance-api':
|
||||
|
@ -20,9 +20,6 @@ class openstack::controller_ha (
|
||||
$network_size = 255,
|
||||
$auto_assign_floating_ip = false,
|
||||
$mysql_root_password,
|
||||
$admin_email,
|
||||
$admin_user = 'admin',
|
||||
$admin_password,
|
||||
$keystone_admin_tenant = 'admin',
|
||||
$keystone_db_password,
|
||||
$keystone_admin_token,
|
||||
|
@ -8,15 +8,12 @@
|
||||
# [db_host] Host where DB resides. Required.
|
||||
# [keystone_db_password] Password for keystone DB. Required.
|
||||
# [keystone_admin_token]. Auth token for keystone admin. Required.
|
||||
# [admin_email] Email address of system admin. Required.
|
||||
# [admin_password]
|
||||
# [glance_user_password] Auth password for glance user. Required.
|
||||
# [nova_user_password] Auth password for nova user. Required.
|
||||
# [public_address] Public address where keystone can be accessed. Required.
|
||||
# [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to 'mysql'
|
||||
# [keystone_db_user] Name of keystone db user. Optional. Defaults to 'keystone'
|
||||
# [keystone_db_dbname] Name of keystone DB. Optional. Defaults to 'keystone'
|
||||
# [keystone_admin_tenant] Name of keystone admin tenant. Optional. Defaults to 'admin'
|
||||
# [verbose] Rather to print more verbose (INFO+) output. Optional. Defaults to false.
|
||||
# [debug] Rather to print even more verbose (DEBUG+) output. If true, would ignore verbose option.
|
||||
# Optional. Defaults to false.
|
||||
@ -50,9 +47,6 @@ class openstack::keystone (
|
||||
$db_host,
|
||||
$db_password,
|
||||
$admin_token,
|
||||
$admin_email,
|
||||
$admin_user = 'admin',
|
||||
$admin_password,
|
||||
$glance_user_password,
|
||||
$nova_user_password,
|
||||
$cinder_user_password,
|
||||
@ -62,7 +56,6 @@ class openstack::keystone (
|
||||
$db_type = 'mysql',
|
||||
$db_user = 'keystone',
|
||||
$db_name = 'keystone',
|
||||
$admin_tenant = 'admin',
|
||||
$verbose = false,
|
||||
$debug = false,
|
||||
$public_bind_host = '0.0.0.0',
|
||||
@ -313,13 +306,6 @@ class openstack::keystone (
|
||||
|
||||
if ($enabled) {
|
||||
# Setup the admin user
|
||||
class { 'keystone::roles::admin':
|
||||
admin => $admin_user,
|
||||
email => $admin_email,
|
||||
password => $admin_password,
|
||||
admin_tenant => $admin_tenant,
|
||||
}
|
||||
Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::roles::admin']
|
||||
|
||||
# Setup the Keystone Identity Endpoint
|
||||
class { 'keystone::endpoint':
|
||||
|
@ -242,9 +242,6 @@ class { '::openstack::controller':
|
||||
galera_nodes => $controller_nodes,
|
||||
novnc_address => $internal_address,
|
||||
mysql_skip_name_resolve => true,
|
||||
admin_email => $access_hash[email],
|
||||
admin_user => $access_hash[user],
|
||||
admin_password => $access_hash[password],
|
||||
keystone_db_password => $keystone_hash[db_password],
|
||||
keystone_admin_token => $keystone_hash[admin_token],
|
||||
keystone_admin_tenant => $access_hash[tenant],
|
||||
@ -330,6 +327,31 @@ class { '::openstack::controller':
|
||||
idle_timeout => $idle_timeout,
|
||||
}
|
||||
|
||||
# NOTE(xarses): keystone::roles:admin is the admin user for the enduser
|
||||
# no service should use it. It was moved out here to make it so that the admin
|
||||
# user_nmae and admin_password are cant be mistakenly used elsewhere in the
|
||||
# manifests
|
||||
|
||||
class { 'keystone::roles::admin':
|
||||
admin => $access_hash[user],
|
||||
password => $access_hash[password],
|
||||
email => $access_hash[email],
|
||||
admin_tenant => $access_hash[tenant],
|
||||
}
|
||||
|
||||
class { 'openstack::auth_file':
|
||||
admin_user => $access_hash[user],
|
||||
admin_password => $access_hash[password],
|
||||
admin_tenant => $access_hash[tenant],
|
||||
controller_node => $internal_address,
|
||||
}
|
||||
|
||||
Exec <| title == 'keystone-manage db_sync' |> ->
|
||||
Class['Keystone::Roles::Admin'] ->
|
||||
Class['Openstack::Auth_file']
|
||||
|
||||
|
||||
|
||||
package { 'socat': ensure => present }
|
||||
|
||||
#TODO: PUT this configuration stanza into nova class
|
||||
|
Loading…
Reference in New Issue
Block a user