Add ssl tasks to keystone role and fix ordering

Added ssl-keys-saving and ssl-add-trust-chain tasks to keystone
role so that it can contact public endpoint on public VIP
(after controller deployment) and validate the SSL cert.

Non-primary standalone keystone role should run before all other
default roles as well.

Closes-Bug: #1511319
Change-Id: I3eaee62ce8399ee9e053f03a419e0cf99559c80a
This commit is contained in:
Matthew Mosesohn 2015-10-29 13:59:45 +03:00
parent 0f3eb3257d
commit 2557bb01ac
1 changed files with 8 additions and 5 deletions

View File

@ -4,8 +4,9 @@
requires: [deploy_start, primary-standalone-database]
required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
tasks: [fuel_pkgs, hiera, globals, tools, logging,
netconfig, hosts, firewall, deploy_start, cluster, keystone-vip,
cluster-haproxy, openstack-haproxy-stats, task-keystone-db, memcached,
netconfig, hosts, firewall, ssl-keys-saving, ssl-add-trust-chain,
deploy_start, cluster, keystone-vip, cluster-haproxy,
openstack-haproxy-stats, task-keystone-db, memcached, apache,
task-keystone]
parameters:
strategy:
@ -15,10 +16,12 @@
type: group
role: [standalone-keystone]
requires: [deploy_start, primary-standalone-keystone]
required_for: [deploy_end]
required_for: [primary-controller, cinder-keystone, nova-keystone, deploy_end]
tasks: [fuel_pkgs, hiera, globals, tools, logging,
netconfig, hosts, firewall, deploy_start, cluster, keystone-vip,
cluster-haproxy, memcached, openstack-haproxy-stats, task-keystone]
netconfig, hosts, firewall, ssl-keys-saving, ssl-add-trust-chain,
deploy_start, cluster, keystone-vip, cluster-haproxy,
openstack-haproxy-stats, task-keystone-db, memcached, apache,
task-keystone]
parameters:
strategy:
type: parallel