Merge "Add a new parameter to enable/disable bootstrap"

2020-10-29 04:53:23 +00:00 · 2020-10-29 04:53:23 +00:00 · 7f6b218341
commit 7f6b218341
parent 3cb756cb94 b8515bc3e4
3 changed files with 117 additions and 63 deletions
--- a/manifests/bootstrap.pp
+++ b/manifests/bootstrap.pp
@ -54,6 +54,10 @@
 #   (Optional) Which interface endpoint should be used.
 #    Defaults to 'public'
 #
+# [*bootstrap*]
+#   (Optional) Whether to run keystone-manage bootstrap command.
+#   Defaults to true
+#
 class keystone::bootstrap (
  $password,
  $username             = 'admin',
@ -67,6 +71,7 @@ class keystone::bootstrap (
  $internal_url         = undef,
  $region               = 'RegionOne',
  $interface            = 'public',
+  $bootstrap            = true,
 ) inherits keystone::params {

  include keystone::deps
@ -82,71 +87,73 @@ class keystone::bootstrap (
    $keystone_user = $::keystone::params::keystone_user
  }

-  # The initial bootstrap that creates all resources required but
-  # only subscribes to notifies from the keystone::dbsync::end anchor
-  # which means this is not guaranteed to execute on each run.
-  exec { 'keystone bootstrap':
-    command     => 'keystone-manage bootstrap',
-    environment => [
-      "OS_BOOTSTRAP_USERNAME=${username}",
-      "OS_BOOTSTRAP_PASSWORD=${password}",
-      "OS_BOOTSTRAP_PROJECT_NAME=${project_name}",
-      "OS_BOOTSTRAP_ROLE_NAME=${role_name}",
-      "OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
-      "OS_BOOTSTRAP_ADMIN_URL=${admin_url}",
-      "OS_BOOTSTRAP_PUBLIC_URL=${public_url}",
-      "OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
-      "OS_BOOTSTRAP_REGION_ID=${region}",
-    ],
-    user        => $keystone_user,
-    path        => '/usr/bin',
-    refreshonly => true,
-    subscribe   => Anchor['keystone::dbsync::end'],
-    notify      => Anchor['keystone::service::begin'],
-    tag         => 'keystone-bootstrap',
+  if $bootstrap {
+    # The initial bootstrap that creates all resources required but
+    # only subscribes to notifies from the keystone::dbsync::end anchor
+    # which means this is not guaranteed to execute on each run.
+    exec { 'keystone bootstrap':
+      command     => 'keystone-manage bootstrap',
+      environment => [
+        "OS_BOOTSTRAP_USERNAME=${username}",
+        "OS_BOOTSTRAP_PASSWORD=${password}",
+        "OS_BOOTSTRAP_PROJECT_NAME=${project_name}",
+        "OS_BOOTSTRAP_ROLE_NAME=${role_name}",
+        "OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
+        "OS_BOOTSTRAP_ADMIN_URL=${admin_url}",
+        "OS_BOOTSTRAP_PUBLIC_URL=${public_url}",
+        "OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
+        "OS_BOOTSTRAP_REGION_ID=${region}",
+      ],
+      user        => $keystone_user,
+      path        => '/usr/bin',
+      refreshonly => true,
+      subscribe   => Anchor['keystone::dbsync::end'],
+      notify      => Anchor['keystone::service::begin'],
+      tag         => 'keystone-bootstrap',
+    }
+
+    # Since the bootstrap is not guaranteed to execute on each run we
+    # use the below resources to make sure the current resources are
+    # correct so if some value was updated we set that.
+
+    ensure_resource('keystone_role', $role_name, {
+      'ensure' => 'present',
+    })
+
+    ensure_resource('keystone_user', $username, {
+      'ensure'   => 'present',
+      'enabled'  => true,
+      'email'    => $email,
+      'password' => $password,
+    })
+
+    ensure_resource('keystone_tenant', $service_project_name, {
+      'ensure'  => 'present',
+      'enabled' => true,
+    })
+
+    ensure_resource('keystone_tenant', $project_name, {
+      'ensure'  => 'present',
+      'enabled' => true,
+    })
+
+    ensure_resource('keystone_user_role', "${username}@${project_name}", {
+      'ensure' => 'present',
+      'roles'  => $role_name,
+    })
+
+    ensure_resource('keystone_service', "${service_name}::identity", {
+      'ensure' => 'present',
+    })
+
+    ensure_resource('keystone_endpoint', "${region}/${service_name}::identity", {
+      'ensure'       => 'present',
+      'public_url'   => $public_url,
+      'admin_url'    => $admin_url,
+      'internal_url' => $internal_url_real,
+    })
  }

-  # Since the bootstrap is not guaranteed to execute on each run we
-  # use the below resources to make sure the current resources are
-  # correct so if some value was updated we set that.
-
-  ensure_resource('keystone_role', $role_name, {
-    'ensure' => 'present',
-  })
-
-  ensure_resource('keystone_user', $username, {
-    'ensure'   => 'present',
-    'enabled'  => true,
-    'email'    => $email,
-    'password' => $password,
-  })
-
-  ensure_resource('keystone_tenant', $service_project_name, {
-    'ensure'  => 'present',
-    'enabled' => true,
-  })
-
-  ensure_resource('keystone_tenant', $project_name, {
-    'ensure'  => 'present',
-    'enabled' => true,
-  })
-
-  ensure_resource('keystone_user_role', "${username}@${project_name}", {
-    'ensure' => 'present',
-    'roles'  => $role_name,
-  })
-
-  ensure_resource('keystone_service', "${service_name}::identity", {
-    'ensure' => 'present',
-  })
-
-  ensure_resource('keystone_endpoint', "${region}/${service_name}::identity", {
-    'ensure'       => 'present',
-    'public_url'   => $public_url,
-    'admin_url'    => $admin_url,
-    'internal_url' => $internal_url_real,
-  })
-
  # The below creates and populates the /etc/keystone/puppet.conf file that contains
  # the credentials that can be loaded by providers. Ensure it has the proper owner,
  # group and mode so that it cannot be read by anything other than root.
--- a/releasenotes/notes/keystone-bootstrap-flag-9eac9280f6f6d7ed.yaml
+++ b/releasenotes/notes/keystone-bootstrap-flag-9eac9280f6f6d7ed.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The new ``keystone::bootstrap::bootstrap`` parameter has been added, to
+    disable ``keystone-manage bootstrap`` command. This is useful to generate
+    ``/etc/keystone/puppet.conf`` on multiple nodes while running bootstrap
+    command on a single node.
--- a/spec/classes/keystone_bootstrap_spec.rb
+++ b/spec/classes/keystone_bootstrap_spec.rb
@ -179,6 +179,46 @@ describe 'keystone::bootstrap' do
      )}
    end

+    context 'with bootstrap disabled' do
+      let :params do
+        {
+          :bootstrap => false,
+          :password  => 'secret'
+        }
+      end
+
+      it { is_expected.to contain_class('keystone::deps') }
+
+      it { is_expected.to_not contain_exec('keystone bootstrap') }
+
+      it { is_expected.to_not contain_keystone_role('admin') }
+      it { is_expected.to_not contain_keystone_user('admin') }
+      it { is_expected.to_not contain_keystone_tenant('services') }
+      it { is_expected.to_not contain_keystone_tenant('admin') }
+      it { is_expected.to_not contain_keystone_user_role('admin@admin') }
+      it { is_expected.to_not contain_keystone_service('keystone::identity') }
+      it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') }
+
+      it { is_expected.to contain_file('/etc/keystone/puppet.conf').with(
+        :ensure => 'present',
+        :replace => false,
+        :content => '',
+        :owner   => 'root',
+        :group   => 'root',
+        :mode    => '0600',
+        :require => 'Anchor[keystone::install::end]',
+      )}
+
+      it { is_expected.to contain_keystone__resource__authtoken('keystone_puppet_config').with(
+        :username     => 'admin',
+        :password     => 'secret',
+        :auth_url     => 'http://127.0.0.1:5000',
+        :project_name => 'admin',
+        :region_name  => 'RegionOne',
+        :interface    => 'public',
+      )}
+    end
+
    context 'when setting keystone_user param in keystone' do
      let :params do
        {