Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f9d6db8)
Move keystone::auth into service_config_settings
authorDan Prince <dprince@redhat.com>
Thu, 15 Sep 2016 07:19:15 +0000 (09:19 +0200)
committerDan Prince <dprince@redhat.com>
Fri, 23 Sep 2016 11:43:21 +0000 (07:43 -0400)
This patch moves the keystone::auth settings for all
services into the new service_config_settings section. This
is important because we execute the keystone commands via
puppet only on the role containing the keystone service
and without these settings it will fail.

Note that yaql merging/filtering is used here to ensure that
service_config_settings is optional in service templates,
and also that we'll only deploy hieradata for a given
service on a node running the service (the key in
the service_config_settings map must match the service_name
in the service template for this to work).

e.g the following will result in only deploying keystone: 123
in hiera on the role running the "keystone" service,
regardless of which service template defines it.

  service_config_settings:
    keystone:
      keystone: 123

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265
Closes-bug: 1620829

19 files changed:
overcloud.j2.yaml patch | blob | history
puppet/services/aodh-api.yaml patch | blob | history
puppet/services/aodh-base.yaml patch | blob | history
puppet/services/ceilometer-api.yaml patch | blob | history
puppet/services/ceilometer-base.yaml patch | blob | history
puppet/services/ceph-rgw.yaml patch | blob | history
puppet/services/cinder-api.yaml patch | blob | history
puppet/services/glance-api.yaml patch | blob | history
puppet/services/gnocchi-api.yaml patch | blob | history
puppet/services/heat-api-cfn.yaml patch | blob | history
puppet/services/heat-api.yaml patch | blob | history
puppet/services/ironic-api.yaml patch | blob | history
puppet/services/manila-api.yaml patch | blob | history
puppet/services/neutron-api.yaml patch | blob | history
puppet/services/nova-api.yaml patch | blob | history
puppet/services/sahara-api.yaml patch | blob | history
puppet/services/sahara-base.yaml patch | blob | history
puppet/services/services.yaml patch | blob | history
puppet/services/swift-proxy.yaml patch | blob | history

diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index aad1af6..5c75a66 100644 (file)
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -261,6 +261,21 @@ resources:
           {% for r in roles %}
               - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings]
           {% endfor %}
+              # This next step combines two yaql passes:
+              # - The inner one does a deep merge on the service_config_settings for all roles
+              # - The outer one filters the map based on the services enabled for the role
+              #   then merges the result into one map.
+              - yaql:
+                  expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {})
+                  data:
+                    map:
+                      yaql:
+                        expression: $.data.where($ != null).reduce($1.mergeWith($2), {})
+                        data:
+                        {% for r in roles %}
+                          - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings]
+                        {% endfor %}
+                    services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
           ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
           MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
           LoggingSources: {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]}
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 15e9386..d3d9b5a 100644 (file)
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -74,5 +74,7 @@ outputs:
             aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]}
             aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
             tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
+      service_config_settings:
+          get_attr: [AodhBase, role_data, service_config_settings]
       step_config: |
         include tripleo::profile::base::aodh::api
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 187345a..5314b83 100644 (file)
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -87,12 +87,6 @@ outputs:
         aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
         aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
         aodh::auth::auth_password: {get_param: AodhPassword}
-        aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
-        aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
-        aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
-        aodh::keystone::auth::password: {get_param: AodhPassword}
-        aodh::keystone::auth::region: {get_param: KeystoneRegion}
-        aodh::keystone::auth::tenant: 'service'
         aodh::db::mysql::user: aodh
         aodh::db::mysql::password: {get_param: AodhPassword}
         aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
@@ -102,3 +96,11 @@ outputs:
           - "%{hiera('mysql_bind_host')}"
         aodh::auth::auth_region: 'regionOne'
         aodh::auth::auth_tenant_name: 'service'
+      service_config_settings:
+        keystone:
+          aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
+          aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
+          aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]}
+          aodh::keystone::auth::password: {get_param: AodhPassword}
+          aodh::keystone::auth::region: {get_param: KeystoneRegion}
+          aodh::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index c8f679c..50431e3 100644 (file)
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -77,5 +77,7 @@ outputs:
                   '"%{::fqdn_$NETWORK}"'
                 params:
                   $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+      service_config_settings:
+          get_attr: [CeilometerServiceBase, role_data, service_config_settings]
       step_config: |
         include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 62fdd5c..25fccd9 100644 (file)
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -107,12 +107,6 @@ outputs:
         ceilometer::dispatcher::gnocchi::filter_project: 'service'
         ceilometer::dispatcher::gnocchi::archive_policy: 'low'
         ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
-        ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
-        ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
-        ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
-        ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
-        ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
-        ceilometer::keystone::auth::tenant: 'service'
         ceilometer::rabbit_userid: {get_param: RabbitUserName}
         ceilometer::rabbit_password: {get_param: RabbitPassword}
         ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
@@ -127,3 +121,11 @@ outputs:
         ceilometer::db::database_db_max_retries: -1
         ceilometer::db::database_max_retries: -1
         ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
+      service_config_settings:
+        keystone:
+          ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+          ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+          ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
+          ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
+          ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
+          ceilometer::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 6bb4f6d..18a4b78 100644 (file)
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -67,11 +67,13 @@ outputs:
             tripleo.ceph_rgw.firewall_rules:
               '122 ceph rgw':
                 dport: {get_param: [EndpointMap, CephRgwInternal, port]}
-            ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
-            ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
-            ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
-            ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
-            ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
-            ceph::rgw::keystone::auth::tenant: 'service'
       step_config: |
         include ::tripleo::profile::base::ceph::rgw
+      service_config_settings:
+        keystone:
+          ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+          ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+          ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+          ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
+          ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+          ceph::rgw::keystone::auth::tenant: 'service'
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 1dae9f1..875a3aa 100644 (file)
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -65,19 +65,8 @@ outputs:
             cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             cinder::keystone::authtoken::password: {get_param: CinderPassword}
             cinder::keystone::authtoken::project_name: 'service'
-            cinder::keystone::auth::tenant: 'service'
-            cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
-            cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
-            cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
-            cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
-            cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
-            cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
-            cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
-            cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
-            cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
-            cinder::keystone::auth::password: {get_param: CinderPassword}
-            cinder::keystone::auth::region: {get_param: KeystoneRegion}
             cinder::api::enable_proxy_headers_parsing: true
+
             cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
             # TODO(emilien) move it to puppet-cinder
             cinder::config:
@@ -98,3 +87,17 @@ outputs:
             cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::cinder::api
+      service_config_settings:
+        keystone:
+          cinder::keystone::auth::tenant: 'service'
+          cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+          cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+          cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+          cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+          cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+          cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
+          cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]}
+          cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]}
+          cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
+          cinder::keystone::auth::password: {get_param: CinderPassword}
+          cinder::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 51f19ba..c399bf4 100644 (file)
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -135,11 +135,6 @@ outputs:
         glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
         glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
         glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
-        glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
-        glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
-        glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
-        glance::keystone::auth::password: {get_param: GlancePassword }
-        glance::keystone::auth::region: {get_param: KeystoneRegion}
         glance::registry::db::database_db_max_retries: -1
         glance::registry::db::database_max_retries: -1
         tripleo.glance_api.firewall_rules:
@@ -147,7 +142,6 @@ outputs:
             dport:
               - 9292
               - 13292
-        glance::keystone::auth::tenant: 'service'
         glance::api::authtoken::project_name: 'service'
         glance::api::pipeline: 'keystone'
         glance::api::show_image_direct_url: true
@@ -160,3 +154,11 @@ outputs:
         glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::glance::api
+      service_config_settings:
+        keystone:
+          glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+          glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+          glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+          glance::keystone::auth::password: {get_param: GlancePassword }
+          glance::keystone::auth::region: {get_param: KeystoneRegion}
+          glance::keystone::auth::tenant: 'service'
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 07d3b01..481a44c 100644 (file)
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -78,12 +78,6 @@ outputs:
                   - 13041
             gnocchi::api::enabled: true
             gnocchi::api::service_name: 'httpd'
-            gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
-            gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
-            gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
-            gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
-            gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
-            gnocchi::keystone::auth::tenant: 'service'
             gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
             gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
@@ -110,3 +104,11 @@ outputs:
             gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
       step_config: |
         include ::tripleo::profile::base::gnocchi::api
+      service_config_settings:
+        keystone:
+          gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+          gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+          gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
+          gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+          gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+          gnocchi::keystone::auth::tenant: 'service'
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 4e9c45e..a47fec5 100644 (file)
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -60,12 +60,6 @@ outputs:
         map_merge:
           - get_attr: [HeatBase, role_data, config_settings]
           - heat::api_cfn::workers: {get_param: HeatWorkers}
-            heat::keystone::auth_cfn::tenant: 'service'
-            heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
-            heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
-            heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
-            heat::keystone::auth_cfn::password: {get_param: HeatPassword}
-            heat::keystone::auth::region: {get_param: KeystoneRegion}
             tripleo.heat_api_cfn.firewall_rules:
               '125 heat_cfn':
                 dport:
@@ -80,3 +74,11 @@ outputs:
             heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::heat::api_cfn
+      service_config_settings:
+        keystone:
+          heat::keystone::auth_cfn::tenant: 'service'
+          heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]}
+          heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]}
+          heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
+          heat::keystone::auth_cfn::password: {get_param: HeatPassword}
+          heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index edaff77..2ea96fc 100644 (file)
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -60,12 +60,6 @@ outputs:
         map_merge:
           - get_attr: [HeatBase, role_data, config_settings]
           - heat::api::workers: {get_param: HeatWorkers}
-            heat::keystone::auth::tenant: 'service'
-            heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
-            heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
-            heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
-            heat::keystone::auth::password: {get_param: HeatPassword}
-            heat::keystone::auth::region: {get_param: KeystoneRegion}
             tripleo.heat_api.firewall_rules:
               '125 heat_api':
                 dport:
@@ -80,3 +74,11 @@ outputs:
             heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
       step_config: |
         include ::tripleo::profile::base::heat::api
+      service_config_settings:
+        keystone:
+          heat::keystone::auth::tenant: 'service'
+          heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+          heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+          heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
+          heat::keystone::auth::password: {get_param: HeatPassword}
+          heat::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 5c3f370..19e54f5 100644 (file)
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -58,12 +58,6 @@ outputs:
             ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
             # This is used to build links in responses
             ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
-            ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
-            ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
-            ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
-            ironic::keystone::auth::auth_name: 'ironic'
-            ironic::keystone::auth::password: {get_param: IronicPassword }
-            ironic::keystone::auth::tenant: 'service'
             tripleo.ironic_api.firewall_rules:
               '133 ironic api':
                 dport:
@@ -71,3 +65,11 @@ outputs:
                   - 13385
       step_config: |
         include ::tripleo::profile::base::ironic::api
+      service_config_settings:
+        keystone:
+          ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+          ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+          ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+          ironic::keystone::auth::auth_name: 'ironic'
+          ironic::keystone::auth::password: {get_param: IronicPassword }
+          ironic::keystone::auth::tenant: 'service'
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 1513ab3..531b4b0 100644 (file)
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -51,14 +51,6 @@ outputs:
             manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
             manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
             manila::keystone::authtoken::project_name: 'service'
-            manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
-            manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
-            manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
-            manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
-            manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
-            manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
-            manila::keystone::auth::password: {get_param: ManilaPassword }
-            manila::keystone::auth::region: {get_param: KeystoneRegion }
             # NOTE: bind IP is found in Heat replacing the network name with the
             # local node IP for the given network; replacement examples
             # (eg. for internal_api):
@@ -69,4 +61,13 @@ outputs:
             manila::api::enable_proxy_headers_parsing: true
       step_config: |
         include ::tripleo::profile::base::manila::api
-
+      service_config_settings:
+        keystone:
+          manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+          manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+          manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+          manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+          manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+          manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+          manila::keystone::auth::password: {get_param: ManilaPassword}
+          manila::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index b939e7b..8cfa20b 100644 (file)
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -114,12 +114,6 @@ outputs:
                   - '@'
                   - {get_param: [EndpointMap, MysqlInternal, host]}
                   - '/ovs_neutron'
-            neutron::keystone::auth::tenant: 'service'
-            neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
-            neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
-            neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
-            neutron::keystone::auth::password: {get_param: NeutronPassword}
-            neutron::keystone::auth::region: {get_param: KeystoneRegion}
             neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
             neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             neutron::server::api_workers: {get_param: NeutronWorkers}
@@ -161,3 +155,11 @@ outputs:
             neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
       step_config: |
         include tripleo::profile::base::neutron::server
+      service_config_settings:
+        keystone:
+          neutron::keystone::auth::tenant: 'service'
+          neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]}
+          neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
+          neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
+          neutron::keystone::auth::password: {get_param: NeutronPassword}
+          neutron::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 9d42fe6..25ae017 100644 (file)
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -94,12 +94,6 @@ outputs:
             nova::api::default_floating_pool: 'public'
             nova::api::sync_db_api: true
             nova::api::enable_proxy_headers_parsing: true
-            nova::keystone::auth::tenant: 'service'
-            nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
-            nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
-            nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
-            nova::keystone::auth::password: {get_param: NovaPassword}
-            nova::keystone::auth::region: {get_param: KeystoneRegion}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
@@ -113,3 +107,11 @@ outputs:
 
       step_config: |
         include tripleo::profile::base::nova::api
+      service_config_settings:
+        keystone:
+          nova::keystone::auth::tenant: 'service'
+          nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+          nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+          nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
+          nova::keystone::auth::password: {get_param: NovaPassword}
+          nova::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 8085d54..4f139b5 100644 (file)
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -61,11 +61,6 @@ outputs:
           - get_attr: [SaharaBase, role_data, config_settings]
           - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
             sahara::service::api::api_workers: {get_param: SaharaWorkers}
-            sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
-            sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
-            sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
-            sahara::keystone::auth::password: {get_param: SaharaPassword }
-            sahara::keystone::auth::region: {get_param: KeystoneRegion}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP
@@ -79,3 +74,11 @@ outputs:
                   - 13386
       step_config: |
         include ::tripleo::profile::base::sahara::api
+      service_config_settings:
+        keystone:
+          sahara::keystone::auth::tenant: 'service'
+          sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+          sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+          sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
+          sahara::keystone::auth::password: {get_param: SaharaPassword }
+          sahara::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index c1ab8e8..c3986b7 100644 (file)
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -85,6 +85,5 @@ outputs:
           - storm
         sahara::rpc_backend: rabbit
         sahara::admin_tenant_name: 'service'
-        sahara::keystone::auth::tenant: 'service'
         sahara::db::database_db_max_retries: -1
         sahara::db::database_max_retries: -1
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 6a9bab7..7b5fa40 100644 (file)
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -102,4 +102,8 @@ outputs:
           yaql:
             expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
             data: {get_attr: [ServiceChain, role_data]}
+      service_config_settings:
+        yaql:
+          expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+          data: {get_attr: [ServiceChain, role_data]}
       step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index d7b0cd7..8b990bc 100644 (file)
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -66,25 +66,11 @@ outputs:
             swift::proxy::authtoken::project_name: 'service'
             swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
             swift::proxy::workers: {get_param: SwiftWorkers}
-            swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
-            swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
-            swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
-            swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
-            swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
-            swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
-            swift::keystone::auth::password: {get_param: SwiftPassword}
-            swift::keystone::auth::region: {get_param: KeystoneRegion}
             tripleo.swift_proxy.firewall_rules:
               '122 swift proxy':
                 dport:
                   - 8080
                   - 13808
-            swift::keystone::auth::tenant: 'service'
-            swift::keystone::auth::configure_s3_endpoint: false
-            swift::keystone::auth::operator_roles:
-              - admin
-              - swiftoperator
-              - ResellerAdmin
             swift::proxy::keystone::operator_roles:
               - admin
               - swiftoperator
@@ -113,3 +99,19 @@ outputs:
             swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
       step_config: |
         include ::tripleo::profile::base::swift::proxy
+      service_config_settings:
+        keystone:
+          swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+          swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+          swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+          swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+          swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+          swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+          swift::keystone::auth::password: {get_param: SwiftPassword}
+          swift::keystone::auth::region: {get_param: KeystoneRegion}
+          swift::keystone::auth::tenant: 'service'
+          swift::keystone::auth::configure_s3_endpoint: false
+          swift::keystone::auth::operator_roles:
+            - admin
+            - swiftoperator
+            - ResellerAdmin