Because manila-share is a pacemaker-managed service, it has to be
on the controller node. If you deploy the api services to a
different node, then manila-share loses access to the authtoken
hieradata generated by manila-api. Adding it explicitly to the
manila-share config allows this setup to deploy sanely.
Note that I'm having a different problem with manila db-syncs in
this setup, so there's likely another patch required to get it
fully working.
Change-Id: Iac782fa67ea912d24b9905dd8bbafb8ff28dd669
Partial-Bug:
1633077
MonitoringSubscriptionManilaShare:
default: 'overcloud-manila-share'
type: string
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
resources:
ManilaBase:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
step_config: |
include ::tripleo::profile::base::manila::share
Code Review / apex-tripleo-heat-templates.git / commitdiff