Revert "Manage keystone initialization directly in t-h-t manifests"

This reverts commit 86d6c1ddc76bad423194e789ffb5474e4e12960e.

This likely has an impact on upgrades, and since we don't
have an upgrade CI job yet I'm concerned that we may have
just broken ourselves.  I would prefer to wait to merge this
until the CI job is in place.

Change-Id: Ib2366cb4b40471a28122f6e9955da9bdb31a53fb

diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 009199d..4504428 100644 (file)
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -727,24 +727,6 @@ resources:
             - - 'http://'
               - {get_param: HeatApiVirtualIP}
               - ':8000/v1/waitcondition'
-        heat_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8004/v1/%(tenant_id)s'
-        heat_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: HeatApiVirtualIP}
-              - ':8004/v1/%(tenant_id)s'
-        heat_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: HeatApiVirtualIP}
-              - ':8004/v1/%(tenant_id)s'
         heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
         horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
         horizon_secret: {get_param: HorizonSecret}
@@ -777,42 +759,6 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/cinder'
-        cinder_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8776/v1/%(tenant_id)s'
-        cinder_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CinderApiVirtualIP}
-              - ':8776/v1/%(tenant_id)s'
-        cinder_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CinderApiVirtualIP}
-              - ':8776/v1/%(tenant_id)s'
-        cinder_public_url_v2:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8776/v2/%(tenant_id)s'
-        cinder_internal_url_v2:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CinderApiVirtualIP}
-              - ':8776/v2/%(tenant_id)s'
-        cinder_admin_url_v2:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CinderApiVirtualIP}
-              - ':8776/v2/%(tenant_id)s'
         glance_port: {get_param: GlancePort}
         glance_password: {get_param: GlancePassword}
         glance_backend: {get_param: GlanceBackend}
@@ -965,19 +911,7 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/ovs_neutron?charset=utf8'
-        neutron_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NeutronApiVirtualIP}
-              - ':9696'
-        neutron_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':9696'
-        neutron_admin_url:
+        neutron_url:
           list_join:
             - ''
             - - 'http://'
@@ -1006,24 +940,6 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/ceilometer'
-        ceilometer_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8777'
-        ceilometer_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CeilometerApiVirtualIP}
-              - ':8777'
-        ceilometer_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: CeilometerApiVirtualIP}
-              - ':8777'
         snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
         snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
         nova_password: {get_param: NovaPassword}
@@ -1035,60 +951,6 @@ resources:
               - '@'
               - {get_param: MysqlVirtualIP}
               - '/nova'
-        nova_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8774/v2/%(tenant_id)s'
-        nova_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8774/v2/%(tenant_id)s'
-        nova_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8774/v2/%(tenant_id)s'
-        nova_v3_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8774/v3'
-        nova_v3_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8774/v3'
-        nova_v3_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8774/v3'
-        nova_ec2_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8773/services/Cloud'
-        nova_ec2_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8773/services/Cloud'
-        nova_ec2_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: NovaApiVirtualIP}
-              - ':8773/services/Admin'
         fencing_config: {get_param: FencingConfig}
         pcsd_password: {get_param: PcsdPassword}
         rabbit_username: {get_param: RabbitUserName}
@@ -1118,42 +980,6 @@ resources:
         swift_replicas: {get_param: SwiftReplicas}
         swift_min_part_hours: {get_param: SwiftMinPartHours}
         swift_mount_check: {get_param: SwiftMountCheck}
-        swift_public_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8080/v1/AUTH_%(tenant_id)s'
-        swift_internal_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: SwiftProxyVirtualIP}
-              - ':8080/v1/AUTH_%(tenant_id)s'
-        swift_admin_url:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: SwiftProxyVirtualIP}
-              - ':8080'
-        swift_public_url_s3:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: PublicVirtualIP}
-              - ':8080'
-        swift_internal_url_s3:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: SwiftProxyVirtualIP}
-              - ':8080'
-        swift_admin_url_s3:
-          list_join:
-            - ''
-            - - 'http://'
-              - {get_param: SwiftProxyVirtualIP}
-              - ':8080'
         enable_package_install: {get_param: EnablePackageInstall}
         enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
         swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -1171,30 +997,6 @@ resources:
               - ':'
               - {get_param: GlancePort}
         glance_registry_host: {get_param: GlanceRegistryVirtualIP}
-        glance_public_url:
-          list_join:
-            - ''
-            - - {get_param: GlanceProtocol}
-              - '://'
-              - {get_param: PublicVirtualIP}
-              - ':'
-              - {get_param: GlancePort}
-        glance_internal_url:
-          list_join:
-            - ''
-            - - {get_param: GlanceProtocol}
-              - '://'
-              - {get_param: GlanceApiVirtualIP}
-              - ':'
-              - {get_param: GlancePort}
-        glance_admin_url:
-          list_join:
-            - ''
-            - - {get_param: GlanceProtocol}
-              - '://'
-              - {get_param: GlanceApiVirtualIP}
-              - ':'
-              - {get_param: GlancePort}
         heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
         keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
         keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1281,14 +1083,6 @@ resources:
                 tripleo::ringbuilder::replicas: {get_input: swift_replicas}
                 tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
                 swift_mount_check: {get_input: swift_mount_check}
-                swift::keystone::auth::public_url: {get_input: swift_public_url }
-                swift::keystone::auth::internal_url: {get_input: swift_internal_url }
-                swift::keystone::auth::admin_url: {get_input: swift_admin_url }
-                swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
-                swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
-                swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
-                swift::keystone::auth::password: {get_input: swift_password }
-                swift::keystone::auth::region: {get_input: keystone_region}
 
                 # NOTE(dprince): build_ring support is currently not wired in.
                 # See: https://review.openstack.org/#/c/109225/
@@ -1316,14 +1110,6 @@ resources:
                 cinder::glance::glance_api_servers: {get_input: glance_api_servers}
                 cinder_backend_config: {get_input: CinderBackendConfig}
                 cinder::db::mysql::password: {get_input: cinder_password}
-                cinder::keystone::auth::public_url: {get_input: cinder_public_url }
-                cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
-                cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
-                cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
-                cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
-                cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
-                cinder::keystone::auth::password: {get_input: cinder_password }
-                cinder::keystone::auth::region: {get_input: keystone_region}
 
                 # Glance
                 glance::api::bind_port: {get_input: glance_port}
@@ -1348,11 +1134,6 @@ resources:
                 glance::backend::swift::swift_store_key: {get_input: glance_password}
                 glance_backend: {get_input: glance_backend}
                 glance::db::mysql::password: {get_input: glance_password}
-                glance::keystone::auth::public_url: {get_input: glance_public_url }
-                glance::keystone::auth::internal_url: {get_input: glance_internal_url }
-                glance::keystone::auth::admin_url: {get_input: glance_admin_url }
-                glance::keystone::auth::password: {get_input: glance_password }
-                glance::keystone::auth::region: {get_input: keystone_region}
                 glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
                 glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
                 glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
@@ -1378,11 +1159,6 @@ resources:
                 heat::database_connection: {get_input: heat_dsn}
                 heat::debug: {get_input: debug}
                 heat::db::mysql::password: {get_input: heat_password}
-                heat::keystone::auth::public_url: {get_input: heat_public_url }
-                heat::keystone::auth::internal_url: {get_input: heat_internal_url }
-                heat::keystone::auth::admin_url: {get_input: heat_admin_url }
-                heat::keystone::auth::password: {get_input: heat_password }
-                heat::keystone::auth::region: {get_input: keystone_region}
 
                 # Keystone
                 keystone::admin_token: {get_input: admin_token}
@@ -1464,11 +1240,6 @@ resources:
                 neutron_dsn: {get_input: neutron_dsn}
                 neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
                 neutron::db::mysql::password: {get_input: neutron_password}
-                neutron::keystone::auth::public_url: {get_input: neutron_public_url }
-                neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
-                neutron::keystone::auth::admin_url: {get_input: neutron_admin_url }
-                neutron::keystone::auth::password: {get_input: neutron_password }
-                neutron::keystone::auth::region: {get_input: keystone_region}
 
                 # Ceilometer
                 ceilometer_backend: {get_input: ceilometer_backend}
@@ -1487,11 +1258,6 @@ resources:
                 ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address}
                 ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
                 ceilometer::db::mysql::password: {get_input: ceilometer_password}
-                ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
-                ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
-                ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
-                ceilometer::keystone::auth::password: {get_input: ceilometer_password }
-                ceilometer::keystone::auth::region: {get_input: keystone_region}
                 snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
                 snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
 
@@ -1510,21 +1276,10 @@ resources:
                 nova::glance_api_servers: {get_input: glance_api_servers}
                 nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
                 nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
-                nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
+                nova::network::neutron::neutron_url: {get_input: neutron_url}
                 nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
                 nova::vncproxy::host: {get_input: nova_api_network}
                 nova::db::mysql::password: {get_input: nova_password}
-                nova::keystone::auth::public_url: {get_input: nova_public_url}
-                nova::keystone::auth::internal_url: {get_input: nova_internal_url}
-                nova::keystone::auth::admin_url: {get_input: nova_admin_url}
-                nova::keystone::auth::public_url_v3: {get_input: nova_v3_public_url}
-                nova::keystone::auth::internal_url_v3: {get_input: nova_v3_internal_url}
-                nova::keystone::auth::admin_url_v3: {get_input: nova_v3_admin_url}
-                nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
-                nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
-                nova::keystone::auth::ec2_admin_url:  {get_input: nova_ec2_admin_url}
-                nova::keystone::auth::password: {get_input: nova_password }
-                nova::keystone::auth::region: {get_input: keystone_region}
 
                 # Horizon
                 apache::ip: {get_input: horizon_network}

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 07bfe54..81ee7cf 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -39,13 +39,6 @@ cinder::api::keystone_tenant: 'service'
 swift::proxy::authtoken::admin_tenant_name: 'service'
 ceilometer::api::keystone_tenant: 'service'
 heat::keystone_tenant: 'service'
-glance::keystone::auth::tenant: 'service'
-nova::keystone::auth::tenant: 'service'
-neutron::keystone::auth::tenant: 'service'
-cinder::keystone::auth::tenant: 'service'
-swift::keystone::auth::tenant: 'service'
-ceilometer::keystone::auth::tenant: 'service'
-heat::keystone::auth::tenant: 'service'
 
 # keystone
 keystone::cron::token_flush::maxdelay: 3600
@@ -67,10 +60,6 @@ swift::proxy::pipeline:
   - 'proxy-server'
 
 swift::proxy::account_autocreate: true
-swift::keystone::auth::configure_s3_endpoint: false
-swift::keystone::auth::operator_roles:
-  - admin
-  - swiftoperator
 
 # glance
 glance::api::pipeline: 'keystone'
@@ -88,7 +77,6 @@ nova::notify_on_state_change: 'vm_and_task_state'
 nova::api::default_floating_pool: 'public'
 nova::api::osapi_v3: true
 nova::scheduler::filter::ram_allocation_ratio: '1.0'
-nova::keystone::auth::configure_ec2_endpoint: false
 
 # ceilometer
 ceilometer::agent::auth::auth_endpoint_type: 'internalURL'

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 96302f2..813309e 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -484,15 +484,6 @@ if hiera('step') >= 3 {
 
 if hiera('step') >= 4 {
   include ::keystone::cron::token_flush
-
-  include ::ceilometer::keystone::auth
-  include ::cinder::keystone::auth
-  include ::glance::keystone::auth
-  include ::heat::keystone::auth
-  include ::neutron::keystone::auth
-  include ::nova::keystone::auth
-  include ::swift::keystone::auth
-
 } #END STEP 4
 
 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])

diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 462530e..7181156 100644 (file)
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -1557,27 +1557,6 @@ if hiera('step') >= 5 {
     } ->
     class {'::keystone::endpoint' :
       require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::ceilometer::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::cinder::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::glance::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::heat::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::neutron::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::nova::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
-    } ->
-    class { '::swift::keystone::auth' :
-      require => Pacemaker::Resource::Service[$::keystone::params::service_name],
     }
 
   }