Create keystone domains via client state starting from Q
Service resources should be managed by client states to avoid
races in setup.
This patch explicitly denies creating domains from keystone.server
state starting from Q, as they still not work due to removed
service token and formula design.
Change-Id: Ic1687756f494160dc1e5af1394ed1c6c638285ec
Related-Prod: PROD-25698
diff --git a/keystone/server.sls b/keystone/server.sls
index 02579cf..95094a6 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -560,11 +560,9 @@
{%- endif %}
{%- if server.domain is defined %}
- {%- for domain_name, domain in server.domain.items() %}
-{#- can't use RC file here as identity endpoint may not be present in keystone #}
-{#- as we will add it later in keystone.client state. Use endpoint override here. #}
-{#- will be fixed when switched to keystone bootstrap. #}
-{#- TODO: move domain creation to keystone.client state. #}
+ {# Starting from Q release domain should be created via keystone.client state #}
+ {%- if server.version in ['mitaka', 'newton', 'ocata', 'pike'] %}
+ {%- for domain_name, domain in server.domain.items() %}
keystone_domain_{{ domain_name }}:
cmd.run:
- name: openstack --os-identity-api-version 3
@@ -582,7 +580,8 @@
- require:
- file: /root/keystonercv3
- sls: keystone.db.offline_sync
- {%- endfor %}
+ {%- endfor %}
+ {%- endif %}
{%- endif %}
{%- endif %}