Puppet 4.6.1 has been released and we should not need this workaround
anymore.
This reverts commit 2f76f68fadd76b6d52ed7eeca19c032308419bd9.
Change-Id: Ieaf3d2a86046e178c36fc4bf5f8a69e161910902
On xenial after update from puppet-agent 1.5 to 1.6, which include an
upgrade from 4.5 to 4.6 of puppet this code stopped working.
The ensure_resource in the keystone/init.pp manifest was not evaluated.
Adding this include seems to make it work again and we see that is the
log:
```
Debug: Resource keystone_config[identity/domain_specific_drivers_enabled] was not determined to be defined
Debug: Create new resource keystone_config[identity/domain_specific_drivers_enabled] with params {"value"=>true}
```
while without the include ::keystone, it's not there.
Puppet guru needed as to the why.
Change-Id: Ief78d70b8fe114ddf40d98fab93374862d3c23cb
When using the ldap_backend define, it will set the global
keystone configuration to use that driver too. This causes
an issue where default domain might be sql for openstack
service accounts and ldap for user accounts. The class
keystone::ldap handles setting the drivers in the global
keystone config file.
Change-Id: I768c5130a6fc23ec0a0bc7686f76cc859b4c8022
Closes-Bug: 1563261
In some instances you may not want this module managing the LDAP
packages, so we'll wrap it with a conditional that defaults to the old
behavior.
Change-Id: Ib1b401178facf364a6a62e4ca00084c56d0ecc4d
This code moves all deps to an external class so that Keystone can be
installed with mechanisms besides packages (like venv or docker). This
also cleans-up the dependency tree by removing false or confusing
dependencies.
Change-Id: If69cd7cba267f75faad51fdbc80a58b24d2095d8
Co-Author: Clayton O'Neill <clayton.oneill@twcable.com>
Instead of using long backend/drivers name, use short name and stevedore
will load plugins for us.
It will prevent this kind of message in logs:
Failed to load 'keystone.catalog.backends.sql.Catalog' using stevedore:
No 'keystone.catalog' driver found,
Also cleanup unit and functional tests that were setting wrong
credential & assignment drivers.
Change-Id: Id3b8ed63ef9a821eba5374af7ed0fd1c8d755e09
This patch makes sure we install ldap packages before installing
Keystone (so before installing apache, and before starting apache).
It will avoid to have orchestration issues and missing ldap package when
starting apache.
Change-Id: I6b6c050da6fba56e40f7a6e30e0117e7493ab68d
Closes-Bug: #1538394
This enable the user to inject multiple ldap backend configurations into
keystone.
Currently the ldap configuration is modeled through a class and injected
inside keystone.conf. In a multiple domains environment, this prevents
the user to create a ldap configuration by domain.
A deprecation warning is added to the current ldap class. This class is
not using the define as doing so would automatically trigger a restart
of the keystone server. This would be unexpected by the openstack
operator and would certainly be seen as a bug. This imply a lot of code
duplication but is required to make a smooth transition.
Change-Id: I75307d4a04510d8ba1a24663b1724849ea5b48f5
