Revert "Keystone domain for Heat"

This reverts commit 7313930c22b9f18d67e630de084ffcc6fad5ebe7.

Seeing errors when trying to create the keystone admin
role with packages. (ImportError: No module named os_client_config)

Change-Id: I78796598ccb8d2ffd6bfca85dce7d18dc0fd768e
Related-bug: #1450786

diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 834dda2..fce322c 100644 (file)
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -337,9 +337,9 @@ parameters:
     type: string
     hidden: true
   HeatStackDomainAdminPassword:
-    default: unset
-    description: Password for heat_stack_domain_admin user.
+    description: Password for heat_domain_admin user.
     type: string
+    default: ''
     hidden: true
   KeystoneCACertificate:
     default: ''

diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 80b790d..e919591 100644 (file)
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -154,9 +154,9 @@ parameters:
     type: string
     hidden: true
   HeatStackDomainAdminPassword:
-    default: unset
-    description: Password for heat_stack_domain_admin user.
+    description: Password for heat_domain_admin user.
     type: string
+    default: ''
     hidden: true
   HeatAuthEncryptionKey:
     description: Auth encryption key for heat-engine
@@ -740,13 +740,8 @@ resources:
                 heat::database_connection: {get_input: heat_dsn}
                 heat::instance_user: heat-admin
                 heat::debug: {get_input: debug}
-                # TO-DO: Remove this class as soon as Keystone v3 will be fully functional
-                heat::keystone::domain::auth_url: {list_join: ['', ['http://', {get_param: VirtualIP} , ':35357/v2.0']]}
-                heat::keystone::domain::keystone_password: {get_input: admin_password}
-                heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
 
                 # Keystone
-                keystone::roles::admin::password: {get_input: admin_password}
                 keystone::admin_token: {get_input: admin_token}
                 keystone_ca_certificate: {get_input: keystone_ca_certificate}
                 keystone_signing_key: {get_input: keystone_signing_key}

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 421bbdf..5cf9f35 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,8 +1,4 @@
-
 # Hiera data here applies to all controller nodes
-keystone::roles::admin::email: 'root@localhost'
-keystone::roles::admin::admin_tenant: 'admin'
-
 nova::api::enabled: true
 nova::conductor::enabled: true
 nova::consoleauth::enabled: true
@@ -80,10 +76,6 @@ cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterSch
 heat::engine::heat_stack_user_role: ''
 heat::engine::configure_delegated_roles: false
 heat::engine::trusts_delegated_roles: []
-heat::keystone::domain::keystone_admin: 'admin'
-heat::keystone::domain::keystone_tenant: 'admin'
-heat::keystone::domain::domain_name: 'heat_stack'
-heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
 
 # pacemaker
 pacemaker::corosync::cluster_name: 'tripleo_cluster'

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 9f385a1..6e8bf5a 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -260,7 +260,6 @@ if hiera('step') >= 2 {
 if hiera('step') >= 3 {
 
   include ::keystone
-  include ::keystone::roles::admin
 
   #TODO: need a cleanup-keystone-tokens.sh solution here
   keystone_config {
@@ -462,9 +461,6 @@ if hiera('step') >= 3 {
   include ::heat::api_cfn
   include ::heat::api_cloudwatch
   include ::heat::engine
-  # TO-DO: Remove this class as soon as Keystone v3 will be fully functional
-  include ::heat::keystone::domain
-  Service['keystone'] -> Class['::keystone::roles::admin'] -> Exec['heat_domain_create']
 
   $snmpd_user = hiera('snmpd_readonly_user_name')
   snmp::snmpv3_user { $snmpd_user: