puppet-keystone/manifests/deps.pp

# == Class: keystone::deps
#
#  keystone anchors and dependency management
#
class keystone::deps {
  # Setup anchors for install, config and service phases of the module.  These
  # anchors allow external modules to hook the begin and end of any of these
  # phases.  Package or service management can also be replaced by ensuring the
  # package is absent or turning off service management and having the
  # replacement depend on the appropriate anchors.  When applicable, end tags
  # should be notified so that subscribers can determine if installation,
  # config or service state changed and act on that if needed.
  anchor { 'keystone::install::begin': }
  -> Package<| tag == 'keystone-package'|>
  ~> anchor { 'keystone::install::end': }
  -> anchor { 'keystone::config::begin': }
  -> Keystone_config<||>
  ~> anchor { 'keystone::config::end': }
  -> anchor { 'keystone::db::begin': }
  -> anchor { 'keystone::db::end': }
  ~> anchor { 'keystone::dbsync::begin': }
  -> anchor { 'keystone::dbsync::end': }
  ~> anchor { 'keystone::service::begin': }
  ~> Service<| tag == 'keystone-service' |>
  ~> anchor { 'keystone::service::end': }

  # all cache settings should be applied and all packages should be installed
  # before service startup
  Oslo::Cache<||> -> Anchor['keystone::service::begin']

  # all db settings should be applied and all packages should be installed
  # before dbsync starts
  Oslo::Db<||> -> Anchor['keystone::dbsync::begin']

  # policy config should occur in the config block also.
  Anchor['keystone::config::begin']
  -> Openstacklib::Policy::Base<||>
  ~> Anchor['keystone::config::end']

  # Support packages need to be installed in the install phase, but we don't
  # put them in the chain above because we don't want any false dependencies
  # between packages with the keystone-package tag and the keystone-support-package
  # tag.  Note: the package resources here will have a 'before' relationshop on
  # the keystone::install::end anchor.  The line between keystone-support-package and
  # keystone-package should be whether or not keystone services would need to be
  # restarted if the package state was changed.
  Anchor['keystone::install::begin']
  -> Package<| tag == 'keystone-support-package'|>
  -> Anchor['keystone::install::end']

  # We need openstackclient before marking service end so that keystone
  # will have clients available to create resources. This tag handles the
  # openstackclient but indirectly since the client is not available in
  # all catalogs that don't need the client class (like many spec tests)
  Package<| tag == 'openstack'|>
  ~> Anchor['keystone::service::end']

  # The following resources need to be provisioned after the service is up.
  Anchor['keystone::service::end']
  -> Keystone_domain<||>
  Anchor['keystone::service::end']
  -> Keystone_endpoint<||>
  Anchor['keystone::service::end']
  -> Keystone_role<||>
  Anchor['keystone::service::end']
  -> Keystone_service<||>
  Anchor['keystone::service::end']
  -> Keystone_tenant<||>
  Anchor['keystone::service::end']
  -> Keystone_user<||>
  Anchor['keystone::service::end']
  -> Keystone_user_role<||>

  # Installation or config changes will always restart services.
  Anchor['keystone::install::end'] ~> Anchor['keystone::service::begin']
  Anchor['keystone::config::end']  ~> Anchor['keystone::service::begin']

  # Install the package before the Apache module purges wsgi-keystone.conf.
  # Otherwise, the run isn't indempotent.
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-enabled' |>
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-available' |>

  # Bootstrap needs to be executed after fernet keys are created/generated.
  Exec<| title == 'keystone-manage fernet_setup' |> -> Exec<| title == 'keystone bootstrap' |>
  File<| tag == 'keystone-fernet-key' |> -> Exec<| title == 'keystone bootstrap' |>
}