From f971f2154773b83b3d1c47e5c48adaa89eb956b4 Mon Sep 17 00:00:00 2001
From: Thomas Goirand <zigo@debian.org>
Date: Mon, 19 Mar 2018 09:56:18 +0100
Subject: [PATCH] Make it so that service_name can handle Debian

If the value is 'keystone-public-keystone-admin', then the
module will use 2 services, one called keystone-public, and
one called keystone-admin (as per the new Debian package
which uses UWSGI instead of Apache).

Note: the Debian package doesn't do like this *yet*, but
that is planned for when this puppet module will support it.

Change-Id: I0e6772dc22e8c27a2ffc767844c7eae12e521235
---
 manifests/init.pp    | 78 +++++++++++++++++++++++++-------------------
 manifests/service.pp | 33 +++++++++++++++----
 2 files changed, 70 insertions(+), 41 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 2adc68553..eca8a9089 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -380,6 +380,10 @@
 #   web service.  For example, after calling class {'keystone'...}
 #   use class { 'keystone::wsgi::apache'...} to make keystone be
 #   a web app using apache mod_wsgi.
+#   If the value is 'keystone-public-keystone-admin', then the
+#   module will use 2 services, one called keystone-public, and
+#   one called keystone-admin (as per the new Debian package
+#   which uses UWSGI instead of Apache).
 #   Defaults to '$::keystone::params::service_name'
 #   NOTE: validate_service only applies if the default value is used.
 #
@@ -1104,45 +1108,51 @@ Fernet or UUID tokens are recommended.")
     warning('Execution of db_sync does not depend on $enabled anymore. Please use sync_db instead.')
   }
 
-  if $service_name == $::keystone::params::service_name {
-    $service_name_real = $::keystone::params::service_name
-    if $validate_service {
-      if $validate_auth_url {
-        $v_auth_url = $validate_auth_url
-      } else {
-        $v_auth_url = $admin_endpoint
-      }
+  case $service_name {
+    $::keystone::params::service_name, 'keystone-public-keystone-admin' : {
+      $service_name_real = $::keystone::params::service_name
+      if $validate_service {
+        if $validate_auth_url {
+          $v_auth_url = $validate_auth_url
+        } else {
+          $v_auth_url = $admin_endpoint
+        }
 
-      class { '::keystone::service':
-        ensure         => $service_ensure,
-        service_name   => $service_name,
-        enable         => $enabled,
-        hasstatus      => true,
-        hasrestart     => true,
-        validate       => true,
-        admin_endpoint => $v_auth_url,
-        admin_token    => $admin_token,
-        insecure       => $validate_insecure,
-        cacert         => $validate_cacert,
+        class { '::keystone::service':
+          ensure         => $service_ensure,
+          service_name   => $service_name,
+          enable         => $enabled,
+          hasstatus      => true,
+          hasrestart     => true,
+          validate       => true,
+          admin_endpoint => $v_auth_url,
+          admin_token    => $admin_token,
+          insecure       => $validate_insecure,
+          cacert         => $validate_cacert,
+        }
+      } else {
+        class { '::keystone::service':
+          ensure       => $service_ensure,
+          service_name => $service_name,
+          enable       => $enabled,
+          hasstatus    => true,
+          hasrestart   => true,
+          validate     => false,
+        }
       }
-    } else {
-      class { '::keystone::service':
-        ensure       => $service_ensure,
-        service_name => $service_name,
-        enable       => $enabled,
-        hasstatus    => true,
-        hasrestart   => true,
-        validate     => false,
+      if $service_name == $::keystone::params::service_name {
+        warning("Keystone under Eventlet has been deprecated during the Kilo cycle. \
+Support for deploying under eventlet will be dropped as of the M-release of OpenStack.")
       }
     }
-    warning("Keystone under Eventlet has been deprecated during the Kilo cycle. \
-Support for deploying under eventlet will be dropped as of the M-release of OpenStack.")
-  } elsif $service_name == 'httpd' {
-    include ::apache::params
-    $service_name_real = $::apache::params::service_name
-  } else {
-    fail("Invalid service_name. Either keystone/openstack-keystone for \
+    'httpd': {
+      include ::apache::params
+      $service_name_real = $::apache::params::service_name
+    }
+    default: {
+      fail("Invalid service_name. Either keystone/openstack-keystone for \
 running as a standalone service, or httpd for being run by a httpd server")
+    }
   }
 
   if $sync_db {
diff --git a/manifests/service.pp b/manifests/service.pp
index 412dc4b2a..baf3ca834 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -77,13 +77,32 @@ class keystone::service(
   include ::keystone::deps
   include ::keystone::params
 
-  service { 'keystone':
-    ensure     => $ensure,
-    name       => $service_name,
-    enable     => $enable,
-    hasstatus  => $hasstatus,
-    hasrestart => $hasrestart,
-    tag        => 'keystone-service',
+  if ($service_name == 'keystone-public-keystone-admin'){
+    service { 'keystone-public':
+      ensure     => $ensure,
+      name       => 'keystone-public',
+      enable     => $enable,
+      hasstatus  => $hasstatus,
+      hasrestart => $hasrestart,
+      tag        => 'keystone-service',
+    }
+    service { 'keystone-admin':
+      ensure     => $ensure,
+      name       => 'keystone-admin',
+      enable     => $enable,
+      hasstatus  => $hasstatus,
+      hasrestart => $hasrestart,
+      tag        => 'keystone-service',
+    }
+  } else {
+    service { 'keystone':
+      ensure     => $ensure,
+      name       => $service_name,
+      enable     => $enable,
+      hasstatus  => $hasstatus,
+      hasrestart => $hasrestart,
+      tag        => 'keystone-service',
+    }
   }
 
   if $insecure {