Merge "Move admin user and openrc up so that its not relied on"

deployment/puppet/openstack/manifests/controller.pp

@@ -78,9 +78,6 @@ class openstack::controller (
   # Required Database
   $mysql_root_password            = 'sql_pass',
   $custom_mysql_setup_class       = undef,
-  $admin_email                    = 'some_user@some_fake_email_address.foo',
-  $admin_user                     = 'admin',
-  $admin_password                 = 'ChangeMe',
   $keystone_db_password           = 'keystone_pass',
   $keystone_admin_token           = 'keystone_admin_token',
   # Required Glance
@@ -276,10 +273,6 @@ class openstack::controller (
     db_name                   => $keystone_db_dbname,
     db_user                   => $keystone_db_user,
     admin_token               => $keystone_admin_token,
-    admin_tenant              => $keystone_admin_tenant,
-    admin_email               => $admin_email,
-    admin_user                => $admin_user,
-    admin_password            => $admin_password,
     public_address            => $public_address,
     internal_address          => $internal_address,
     admin_address             => $admin_address,
@@ -546,13 +539,6 @@ class openstack::controller (
     master_ip => hiera('master_ip'),
   }
 
-  class { 'openstack::auth_file':
-    admin_user           => $admin_user,
-    admin_password       => $admin_password,
-    admin_tenant         => $keystone_admin_tenant,
-    controller_node      => $internal_address,
-  }
-
   ####### Disable upstart startup on install #######
   if($::operatingsystem == 'Ubuntu') {
     tweaks::ubuntu_service_override { 'glance-api':

deployment/puppet/openstack/manifests/controller_ha.pp

@@ -20,9 +20,6 @@ class openstack::controller_ha (
    $network_size                   = 255,
    $auto_assign_floating_ip = false,
    $mysql_root_password,
-   $admin_email,
-   $admin_user                     = 'admin',
-   $admin_password,
    $keystone_admin_tenant          = 'admin',
    $keystone_db_password,
    $keystone_admin_token,

deployment/puppet/openstack/manifests/keystone.pp

@@ -8,15 +8,12 @@
 # [db_host] Host where DB resides. Required.
 # [keystone_db_password] Password for keystone DB. Required.
 # [keystone_admin_token]. Auth token for keystone admin. Required.
-# [admin_email] Email address of system admin. Required.
-# [admin_password]
 # [glance_user_password] Auth password for glance user. Required.
 # [nova_user_password] Auth password for nova user. Required.
 # [public_address] Public address where keystone can be accessed. Required.
 # [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to  'mysql'
 # [keystone_db_user] Name of keystone db user. Optional. Defaults to  'keystone'
 # [keystone_db_dbname] Name of keystone DB. Optional. Defaults to  'keystone'
-# [keystone_admin_tenant] Name of keystone admin tenant. Optional. Defaults to  'admin'
 # [verbose] Rather to print more verbose (INFO+) output. Optional. Defaults to false.
 # [debug] Rather to print even more verbose (DEBUG+) output. If true, would ignore verbose option.
 #    Optional. Defaults to false.
@@ -50,9 +47,6 @@ class openstack::keystone (
   $db_host,
   $db_password,
   $admin_token,
-  $admin_email,
-  $admin_user                  = 'admin',
-  $admin_password,
   $glance_user_password,
   $nova_user_password,
   $cinder_user_password,
@@ -62,7 +56,6 @@ class openstack::keystone (
   $db_type                     = 'mysql',
   $db_user                     = 'keystone',
   $db_name                     = 'keystone',
-  $admin_tenant                = 'admin',
   $verbose                     = false,
   $debug                       = false,
   $public_bind_host            = '0.0.0.0',
@@ -313,13 +306,6 @@ class openstack::keystone (
 
   if ($enabled) {
     # Setup the admin user
-    class { 'keystone::roles::admin':
-      admin        => $admin_user,
-      email        => $admin_email,
-      password     => $admin_password,
-      admin_tenant => $admin_tenant,
-    }
-    Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::roles::admin']
 
     # Setup the Keystone Identity Endpoint
     class { 'keystone::endpoint':

deployment/puppet/osnailyfacter/modular/openstack-controller/openstack-controller.pp

@@ -242,9 +242,6 @@ class { '::openstack::controller':
   galera_nodes                   => $controller_nodes,
   novnc_address                  => $internal_address,
   mysql_skip_name_resolve        => true,
-  admin_email                    => $access_hash[email],
-  admin_user                     => $access_hash[user],
-  admin_password                 => $access_hash[password],
   keystone_db_password           => $keystone_hash[db_password],
   keystone_admin_token           => $keystone_hash[admin_token],
   keystone_admin_tenant          => $access_hash[tenant],
@@ -330,6 +327,31 @@ class { '::openstack::controller':
   idle_timeout                   => $idle_timeout,
 }
 
+# NOTE(xarses): keystone::roles:admin is the admin user for the enduser
+# no service should use it. It was moved out here to make it so that the admin
+# user_nmae and admin_password are cant be mistakenly used elsewhere in the
+# manifests
+
+class { 'keystone::roles::admin':
+  admin        => $access_hash[user],
+  password     => $access_hash[password],
+  email        => $access_hash[email],
+  admin_tenant => $access_hash[tenant],
+}
+
+class { 'openstack::auth_file':
+  admin_user           => $access_hash[user],
+  admin_password       => $access_hash[password],
+  admin_tenant         => $access_hash[tenant],
+  controller_node      => $internal_address,
+}
+
+Exec <| title == 'keystone-manage db_sync' |> ->
+ Class['Keystone::Roles::Admin'] ->
+  Class['Openstack::Auth_file']
+
+
+
 package { 'socat': ensure => present }
 
 #TODO: PUT this configuration stanza into nova class