Create keystone user prior to keystone server
Prior to this patch, the keystone user was created before
keystone server installation only if
system.glusterfs.client.volume.keystone was set in the model; hence, in
AIO models the keystone user was created only by the keystone salt
state. Creating the keystone user prior to keystone server installation
is needed by the rsync fernet rotation mechanism. The keystone user and
group definitions are now moved to a new linux system class, which is
included in system.glusterfs.client.volume.keystone,
system.keystone.server.cluster and system.keystone.server.single.
Related-PROD: PROD-19973
Change-Id: I852b392964040aa41dfbb683095e53bb1cf13f3a
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index a93c0c1..f0a6e30 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -1,3 +1,5 @@
+classes:
+- system.linux.system.users.keystone
parameters:
_param:
keystone_glusterfs_service_host: ${_param:glusterfs_service_host}
@@ -20,20 +22,3 @@
user: keystone
group: keystone
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
- linux:
- system:
- user:
- keystone:
- enabled: true
- name: keystone
- home: /var/lib/keystone
- uid: 301
- gid: 301
- shell: /bin/false
- system: True
- group:
- keystone:
- enabled: true
- name: keystone
- gid: 301
- system: True
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e6980b..4c24975 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -3,6 +3,7 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
+- system.linux.system.users.keystone
parameters:
_param:
keystone_tokens_expiration: 3600
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 2b1e89e..68a29a7 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.single
+- system.linux.system.users.keystone
parameters:
_param:
keystone_service_token: token
diff --git a/linux/system/users/keystone.yml b/linux/system/users/keystone.yml
new file mode 100644
index 0000000..14e38dd
--- /dev/null
+++ b/linux/system/users/keystone.yml
@@ -0,0 +1,18 @@
+parameters:
+ linux:
+ system:
+ user:
+ keystone:
+ enabled: true
+ name: keystone
+ home: /var/lib/keystone
+ uid: 301
+ gid: 301
+ shell: /bin/false
+ system: True
+ group:
+ keystone:
+ enabled: true
+ name: keystone
+ gid: 301
+ system: True
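Review bot: The pinned `uid: 301` / `gid: 301` in this new class now reaches every node that includes keystone/server/cluster.yml or keystone/server/single.yml, not only the GlusterFS clients, and nothing in the file explains why the ids are fixed or what happens on a node where the keystone account already exists. If the package created the account earlier with a dynamically assigned id, applying this class would presumably renumber it and leave existing keystone-owned files, including the fernet key material the rsync rotation copies, owned by a stale uid; that should be confirmed on an upgraded non-AIO environment before merge. I would add a header comment such as `# uid/gid are pinned so ownership of keystone data (GlusterFS volume, rsync'ed fernet keys) matches on every node; must be applied before the keystone package is installed`. As a style point, the `system` key is written `True` in both the user and the group mapping next to `enabled: true`; lowercase `true` in both places keeps the file consistent and avoids YAML 1.1 truthy ambiguity.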