diff --git a/docs/packstack.rst b/docs/packstack.rst index 383179c53..1704779e1 100755 --- a/docs/packstack.rst +++ b/docs/packstack.rst @@ -314,9 +314,6 @@ Keystone Config parameters **CONFIG_KEYSTONE_REGION** Default region name to use when creating tenants in the Identity service. -**CONFIG_KEYSTONE_ADMIN_TOKEN** - Token to use for the Identity service API. - **CONFIG_KEYSTONE_ADMIN_USERNAME** User name for the Identity service 'admin' user. Defaults to 'admin'. diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py index b0df9e6d5..861fb8754 100644 --- a/packstack/plugins/keystone_100.py +++ b/packstack/plugins/keystone_100.py @@ -16,8 +16,6 @@ Installs and configures Keystone """ -import uuid - from packstack.installer import basedefs from packstack.installer import validators from packstack.installer import processors @@ -75,18 +73,6 @@ def initConfig(controller): "NEED_CONFIRM": False, "CONDITION": False}, - {"CMD_OPTION": "keystone-admin-token", - "PROMPT": "The token to use for the Keystone service api", - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_not_empty], - "DEFAULT_VALUE": uuid.uuid4().hex, - "MASK_INPUT": True, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_KEYSTONE_ADMIN_TOKEN", - "USE_DEFAULT": True, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "keystone-admin-email", "PROMPT": "Enter the email address for the Keystone admin user", "OPTION_LIST": [], diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp index 736c240aa..0ab3fc986 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone.pp @@ -32,8 +32,6 @@ class packstack::keystone () } class { '::keystone': - admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'), - admin_password => hiera('CONFIG_KEYSTONE_ADMIN_PW'), database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone", token_provider => "${keystone_token_provider_str}", enable_fernet_setup => true, @@ -49,31 +47,23 @@ class packstack::keystone () ssl => $keystone_use_ssl } - if hiera('CONFIG_HEAT_INSTALL') == 'y' { - $keystone_admin_roles = ['admin', '_member_'] - } else { - $keystone_admin_roles = ['admin'] - } + $username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') # Ensure the default _member_ role is present keystone_role { '_member_': ensure => present, - } -> - class { '::keystone::roles::admin': - email => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'), - admin => hiera('CONFIG_KEYSTONE_ADMIN_USERNAME'), - password => hiera('CONFIG_KEYSTONE_ADMIN_PW'), - admin_tenant => 'admin', - admin_roles => $keystone_admin_roles, } - class { '::keystone::endpoint': - default_domain => 'Default', - public_url => $keystone_url, - internal_url => $keystone_url, - admin_url => $keystone_admin_url, - region => hiera('CONFIG_KEYSTONE_REGION'), - version => 'v3', + class { '::keystone::bootstrap': + password => hiera('CONFIG_KEYSTONE_ADMIN_PW'), + username => $username, + email => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'), + project_name => 'admin', + role_name => 'admin', + admin_url => $keystone_admin_url, + public_url => $keystone_url, + internal_url => $keystone_url, + region => hiera('CONFIG_KEYSTONE_REGION'), } # default assignment driver is SQL diff --git a/releasenotes/notes/admin-token-removed-64ae39c4ecd28f15.yaml b/releasenotes/notes/admin-token-removed-64ae39c4ecd28f15.yaml new file mode 100644 index 000000000..e95e4cb00 --- /dev/null +++ b/releasenotes/notes/admin-token-removed-64ae39c4ecd28f15.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The config option CONFIG_KEYSTONE_ADMIN_TOKEN to configure the admin token + is removed. You must specify a admin password with CONFIG_KEYSTONE_ADMIN_PW.