Keystone domain for Heat
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. Change-Id: I7397f49fac17c30262d02b70021d613aef5c6cad
This commit is contained in:
parent
0c14b2ad3e
commit
7313930c22
|
@ -316,9 +316,9 @@ parameters:
|
|||
type: string
|
||||
hidden: true
|
||||
HeatStackDomainAdminPassword:
|
||||
description: Password for heat_domain_admin user.
|
||||
default: unset
|
||||
description: Password for heat_stack_domain_admin user.
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
KeystoneCACertificate:
|
||||
default: ''
|
||||
|
|
|
@ -133,9 +133,9 @@ parameters:
|
|||
type: string
|
||||
hidden: true
|
||||
HeatStackDomainAdminPassword:
|
||||
description: Password for heat_domain_admin user.
|
||||
default: unset
|
||||
description: Password for heat_stack_domain_admin user.
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
HeatAuthEncryptionKey:
|
||||
description: Auth encryption key for heat-engine
|
||||
|
@ -702,8 +702,13 @@ resources:
|
|||
heat::database_connection: {get_input: heat_dsn}
|
||||
heat::instance_user: heat-admin
|
||||
heat::debug: {get_input: debug}
|
||||
# TO-DO: Remove this class as soon as Keystone v3 will be fully functional
|
||||
heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]}
|
||||
heat::keystone::domain::keystone_password: {get_input: admin_password}
|
||||
heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
|
||||
|
||||
# Keystone
|
||||
keystone::roles::admin::password: {get_input: admin_password}
|
||||
keystone::admin_token: {get_input: admin_token}
|
||||
keystone_ca_certificate: {get_input: keystone_ca_certificate}
|
||||
keystone_signing_key: {get_input: keystone_signing_key}
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
|
||||
# Hiera data here applies to all controller nodes
|
||||
keystone::roles::admin::email: 'root@localhost'
|
||||
keystone::roles::admin::admin_tenant: 'admin'
|
||||
|
||||
nova::api::enabled: true
|
||||
nova::conductor::enabled: true
|
||||
nova::consoleauth::enabled: true
|
||||
|
@ -69,6 +73,10 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch
|
|||
heat::engine::heat_stack_user_role: ''
|
||||
heat::engine::configure_delegated_roles: false
|
||||
heat::engine::trusts_delegated_roles: []
|
||||
heat::keystone::domain::keystone_admin: 'admin'
|
||||
heat::keystone::domain::keystone_tenant: 'admin'
|
||||
heat::keystone::domain::domain_name: 'heat_stack'
|
||||
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
|
||||
|
||||
mysql::server::manage_config_file: true
|
||||
|
||||
|
|
|
@ -152,6 +152,7 @@ if hiera('step') >= 2 {
|
|||
if hiera('step') >= 3 {
|
||||
|
||||
include ::keystone
|
||||
include ::keystone::roles::admin
|
||||
|
||||
#TODO: need a cleanup-keystone-tokens.sh solution here
|
||||
keystone_config {
|
||||
|
@ -339,6 +340,9 @@ if hiera('step') >= 3 {
|
|||
include ::heat::api_cfn
|
||||
include ::heat::api_cloudwatch
|
||||
include ::heat::engine
|
||||
# TO-DO: Remove this class as soon as Keystone v3 will be fully functional
|
||||
include ::heat::keystone::domain
|
||||
Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create']
|
||||
|
||||
$snmpd_user = hiera('snmpd_readonly_user_name')
|
||||
snmp::snmpv3_user { $snmpd_user:
|
||||
|
|
Loading…
Reference in New Issue