Merge "Add a new parameter to enable/disable bootstrap"
This commit is contained in:
commit
7f6b218341
|
@ -54,6 +54,10 @@
|
||||||
# (Optional) Which interface endpoint should be used.
|
# (Optional) Which interface endpoint should be used.
|
||||||
# Defaults to 'public'
|
# Defaults to 'public'
|
||||||
#
|
#
|
||||||
|
# [*bootstrap*]
|
||||||
|
# (Optional) Whether to run keystone-manage bootstrap command.
|
||||||
|
# Defaults to true
|
||||||
|
#
|
||||||
class keystone::bootstrap (
|
class keystone::bootstrap (
|
||||||
$password,
|
$password,
|
||||||
$username = 'admin',
|
$username = 'admin',
|
||||||
|
@ -67,6 +71,7 @@ class keystone::bootstrap (
|
||||||
$internal_url = undef,
|
$internal_url = undef,
|
||||||
$region = 'RegionOne',
|
$region = 'RegionOne',
|
||||||
$interface = 'public',
|
$interface = 'public',
|
||||||
|
$bootstrap = true,
|
||||||
) inherits keystone::params {
|
) inherits keystone::params {
|
||||||
|
|
||||||
include keystone::deps
|
include keystone::deps
|
||||||
|
@ -82,71 +87,73 @@ class keystone::bootstrap (
|
||||||
$keystone_user = $::keystone::params::keystone_user
|
$keystone_user = $::keystone::params::keystone_user
|
||||||
}
|
}
|
||||||
|
|
||||||
# The initial bootstrap that creates all resources required but
|
if $bootstrap {
|
||||||
# only subscribes to notifies from the keystone::dbsync::end anchor
|
# The initial bootstrap that creates all resources required but
|
||||||
# which means this is not guaranteed to execute on each run.
|
# only subscribes to notifies from the keystone::dbsync::end anchor
|
||||||
exec { 'keystone bootstrap':
|
# which means this is not guaranteed to execute on each run.
|
||||||
command => 'keystone-manage bootstrap',
|
exec { 'keystone bootstrap':
|
||||||
environment => [
|
command => 'keystone-manage bootstrap',
|
||||||
"OS_BOOTSTRAP_USERNAME=${username}",
|
environment => [
|
||||||
"OS_BOOTSTRAP_PASSWORD=${password}",
|
"OS_BOOTSTRAP_USERNAME=${username}",
|
||||||
"OS_BOOTSTRAP_PROJECT_NAME=${project_name}",
|
"OS_BOOTSTRAP_PASSWORD=${password}",
|
||||||
"OS_BOOTSTRAP_ROLE_NAME=${role_name}",
|
"OS_BOOTSTRAP_PROJECT_NAME=${project_name}",
|
||||||
"OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
|
"OS_BOOTSTRAP_ROLE_NAME=${role_name}",
|
||||||
"OS_BOOTSTRAP_ADMIN_URL=${admin_url}",
|
"OS_BOOTSTRAP_SERVICE_NAME=${service_name}",
|
||||||
"OS_BOOTSTRAP_PUBLIC_URL=${public_url}",
|
"OS_BOOTSTRAP_ADMIN_URL=${admin_url}",
|
||||||
"OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
|
"OS_BOOTSTRAP_PUBLIC_URL=${public_url}",
|
||||||
"OS_BOOTSTRAP_REGION_ID=${region}",
|
"OS_BOOTSTRAP_INTERNAL_URL=${internal_url_real}",
|
||||||
],
|
"OS_BOOTSTRAP_REGION_ID=${region}",
|
||||||
user => $keystone_user,
|
],
|
||||||
path => '/usr/bin',
|
user => $keystone_user,
|
||||||
refreshonly => true,
|
path => '/usr/bin',
|
||||||
subscribe => Anchor['keystone::dbsync::end'],
|
refreshonly => true,
|
||||||
notify => Anchor['keystone::service::begin'],
|
subscribe => Anchor['keystone::dbsync::end'],
|
||||||
tag => 'keystone-bootstrap',
|
notify => Anchor['keystone::service::begin'],
|
||||||
|
tag => 'keystone-bootstrap',
|
||||||
|
}
|
||||||
|
|
||||||
|
# Since the bootstrap is not guaranteed to execute on each run we
|
||||||
|
# use the below resources to make sure the current resources are
|
||||||
|
# correct so if some value was updated we set that.
|
||||||
|
|
||||||
|
ensure_resource('keystone_role', $role_name, {
|
||||||
|
'ensure' => 'present',
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_user', $username, {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'enabled' => true,
|
||||||
|
'email' => $email,
|
||||||
|
'password' => $password,
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_tenant', $service_project_name, {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'enabled' => true,
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_tenant', $project_name, {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'enabled' => true,
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_user_role', "${username}@${project_name}", {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'roles' => $role_name,
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_service', "${service_name}::identity", {
|
||||||
|
'ensure' => 'present',
|
||||||
|
})
|
||||||
|
|
||||||
|
ensure_resource('keystone_endpoint', "${region}/${service_name}::identity", {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'public_url' => $public_url,
|
||||||
|
'admin_url' => $admin_url,
|
||||||
|
'internal_url' => $internal_url_real,
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
# Since the bootstrap is not guaranteed to execute on each run we
|
|
||||||
# use the below resources to make sure the current resources are
|
|
||||||
# correct so if some value was updated we set that.
|
|
||||||
|
|
||||||
ensure_resource('keystone_role', $role_name, {
|
|
||||||
'ensure' => 'present',
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_user', $username, {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'enabled' => true,
|
|
||||||
'email' => $email,
|
|
||||||
'password' => $password,
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_tenant', $service_project_name, {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'enabled' => true,
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_tenant', $project_name, {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'enabled' => true,
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_user_role', "${username}@${project_name}", {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'roles' => $role_name,
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_service', "${service_name}::identity", {
|
|
||||||
'ensure' => 'present',
|
|
||||||
})
|
|
||||||
|
|
||||||
ensure_resource('keystone_endpoint', "${region}/${service_name}::identity", {
|
|
||||||
'ensure' => 'present',
|
|
||||||
'public_url' => $public_url,
|
|
||||||
'admin_url' => $admin_url,
|
|
||||||
'internal_url' => $internal_url_real,
|
|
||||||
})
|
|
||||||
|
|
||||||
# The below creates and populates the /etc/keystone/puppet.conf file that contains
|
# The below creates and populates the /etc/keystone/puppet.conf file that contains
|
||||||
# the credentials that can be loaded by providers. Ensure it has the proper owner,
|
# the credentials that can be loaded by providers. Ensure it has the proper owner,
|
||||||
# group and mode so that it cannot be read by anything other than root.
|
# group and mode so that it cannot be read by anything other than root.
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new ``keystone::bootstrap::bootstrap`` parameter has been added, to
|
||||||
|
disable ``keystone-manage bootstrap`` command. This is useful to generate
|
||||||
|
``/etc/keystone/puppet.conf`` on multiple nodes while running bootstrap
|
||||||
|
command on a single node.
|
|
@ -179,6 +179,46 @@ describe 'keystone::bootstrap' do
|
||||||
)}
|
)}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with bootstrap disabled' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:bootstrap => false,
|
||||||
|
:password => 'secret'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to contain_class('keystone::deps') }
|
||||||
|
|
||||||
|
it { is_expected.to_not contain_exec('keystone bootstrap') }
|
||||||
|
|
||||||
|
it { is_expected.to_not contain_keystone_role('admin') }
|
||||||
|
it { is_expected.to_not contain_keystone_user('admin') }
|
||||||
|
it { is_expected.to_not contain_keystone_tenant('services') }
|
||||||
|
it { is_expected.to_not contain_keystone_tenant('admin') }
|
||||||
|
it { is_expected.to_not contain_keystone_user_role('admin@admin') }
|
||||||
|
it { is_expected.to_not contain_keystone_service('keystone::identity') }
|
||||||
|
it { is_expected.to_not contain_keystone_endpoint('RegionOne/keystone::identity') }
|
||||||
|
|
||||||
|
it { is_expected.to contain_file('/etc/keystone/puppet.conf').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:replace => false,
|
||||||
|
:content => '',
|
||||||
|
:owner => 'root',
|
||||||
|
:group => 'root',
|
||||||
|
:mode => '0600',
|
||||||
|
:require => 'Anchor[keystone::install::end]',
|
||||||
|
)}
|
||||||
|
|
||||||
|
it { is_expected.to contain_keystone__resource__authtoken('keystone_puppet_config').with(
|
||||||
|
:username => 'admin',
|
||||||
|
:password => 'secret',
|
||||||
|
:auth_url => 'http://127.0.0.1:5000',
|
||||||
|
:project_name => 'admin',
|
||||||
|
:region_name => 'RegionOne',
|
||||||
|
:interface => 'public',
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
context 'when setting keystone_user param in keystone' do
|
context 'when setting keystone_user param in keystone' do
|
||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue