Enable _member_ role for undercloud install.
During upgrade, as we don't use instack_undercloud anymore, we missing
the _member_ role to the admin user.
This creates the necessary hooks in tht to have the member role
created during upgrade (and install for that matter).
This passes on the keystone_enable_member to puppet-tripleo, but it
needs a patch there as well for this mechanism to fully work.
Change-Id: I2319ed876eba7f21c0e80444bf78ca080fef252a
Depends-On: https://review.openstack.org/611919
Partial-Bug: #1799177
(cherry picked from commit 1c64c2c07b
)
This commit is contained in:
parent
3e641e196a
commit
3223f2dba3
|
@ -39,6 +39,7 @@ parameter_defaults:
|
|||
KernelIpForward: 1
|
||||
KernelIpNonLocalBind: 1
|
||||
KeystoneCorsAllowedOrigin: '*'
|
||||
KeystoneEnableMember: true
|
||||
# Increase the Token expiration time until we fix the actual session bug:
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1761050
|
||||
TokenExpiration: 14400
|
||||
|
|
|
@ -286,6 +286,10 @@ parameters:
|
|||
default: ''
|
||||
description: Indicate whether this resource may be shared with the domain received in the request
|
||||
"origin" header.
|
||||
KeystoneEnableMember:
|
||||
description: Create the _member_ role, useful for undercloud deployment.
|
||||
type: boolean
|
||||
default: False
|
||||
|
||||
parameter_groups:
|
||||
- label: deprecated
|
||||
|
@ -343,6 +347,7 @@ outputs:
|
|||
- cors_allowed_origin_unset
|
||||
- {}
|
||||
- keystone::cors::allowed_origin: {get_param: KeystoneCorsAllowedOrigin}
|
||||
- keystone_enable_member: {get_param: KeystoneEnableMember}
|
||||
- keystone::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
|
|
Loading…
Reference in New Issue