Use keystone::bootstrap

Depends-On: https://review.opendev.org/#/c/692664
Change-Id: I484f318b1ee8b5402e6b5e0049025e3a0e6fb45c

docs/packstack.rst

@@ -314,9 +314,6 @@ Keystone Config parameters
 **CONFIG_KEYSTONE_REGION**
     Default region name to use when creating tenants in the Identity service.
 
-**CONFIG_KEYSTONE_ADMIN_TOKEN**
-    Token to use for the Identity service API.
-
 **CONFIG_KEYSTONE_ADMIN_USERNAME**
     User name for the Identity service 'admin' user.  Defaults to 'admin'.
 

packstack/plugins/keystone_100.py

@@ -16,8 +16,6 @@
 Installs and configures Keystone
 """
 
-import uuid
-
 from packstack.installer import basedefs
 from packstack.installer import validators
 from packstack.installer import processors
@@ -75,18 +73,6 @@ def initConfig(controller):
              "NEED_CONFIRM": False,
              "CONDITION": False},
 
-            {"CMD_OPTION": "keystone-admin-token",
-             "PROMPT": "The token to use for the Keystone service api",
-             "OPTION_LIST": [],
-             "VALIDATORS": [validators.validate_not_empty],
-             "DEFAULT_VALUE": uuid.uuid4().hex,
-             "MASK_INPUT": True,
-             "LOOSE_VALIDATION": False,
-             "CONF_NAME": "CONFIG_KEYSTONE_ADMIN_TOKEN",
-             "USE_DEFAULT": True,
-             "NEED_CONFIRM": False,
-             "CONDITION": False},
-
             {"CMD_OPTION": "keystone-admin-email",
              "PROMPT": "Enter the email address for the Keystone admin user",
              "OPTION_LIST": [],

packstack/puppet/modules/packstack/manifests/keystone.pp

@@ -32,8 +32,6 @@ class packstack::keystone ()
     }
 
     class { '::keystone':
-      admin_token         => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
-      admin_password      => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
       database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
       token_provider      => "${keystone_token_provider_str}",
       enable_fernet_setup => true,
@@ -49,31 +47,23 @@ class packstack::keystone ()
       ssl     => $keystone_use_ssl
     }
 
-    if hiera('CONFIG_HEAT_INSTALL') == 'y' {
-      $keystone_admin_roles = ['admin', '_member_']
-    } else {
-      $keystone_admin_roles = ['admin']
-    }
+    $username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
 
     # Ensure the default _member_ role is present
     keystone_role { '_member_':
       ensure => present,
-    } ->
-    class { '::keystone::roles::admin':
-      email        => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'),
-      admin        => hiera('CONFIG_KEYSTONE_ADMIN_USERNAME'),
-      password     => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
-      admin_tenant => 'admin',
-      admin_roles  => $keystone_admin_roles,
     }
 
-    class { '::keystone::endpoint':
-      default_domain => 'Default',
-      public_url     => $keystone_url,
-      internal_url   => $keystone_url,
-      admin_url      => $keystone_admin_url,
-      region         => hiera('CONFIG_KEYSTONE_REGION'),
-      version        => 'v3',
+    class { '::keystone::bootstrap':
+      password     => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
+      username     => $username,
+      email        => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'),
+      project_name => 'admin',
+      role_name    => 'admin',
+      admin_url    => $keystone_admin_url,
+      public_url   => $keystone_url,
+      internal_url => $keystone_url,
+      region       => hiera('CONFIG_KEYSTONE_REGION'),
     }
 
     # default assignment driver is SQL

releasenotes/notes/admin-token-removed-64ae39c4ecd28f15.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The config option CONFIG_KEYSTONE_ADMIN_TOKEN to configure the admin token
+    is removed. You must specify a admin password with CONFIG_KEYSTONE_ADMIN_PW.