Merge "keystone: enable fernet across all CI"

2018-02-08 02:09:00 +00:00 · 2018-02-08 02:09:00 +00:00 · aa238891f5
commit aa238891f5
parent d209db89f2 5aeac6db6f
4 changed files with 12 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -43,7 +43,6 @@ scenario](#all-in-one).
 | ssl        |     yes     |      yes    |      yes    |     yes     |     no       |
 | ipv6       |   centos7   |    centos7  |    centos7  |   centos7   |     no       |
 | keystone   |      X      |       X     |       X     |      X      |      X       |
 | tokens     |    uuid     |     uuid    |    fernet   |   fernet    |    uuid      |
 | glance     |     rbd     |     swift   |     file    |  swift+rgw  |    file      |
 | nova       |     rbd     |       X     |       X     |     rbd     |      X       |
 | neutron    |     ovs     |      ovs    | linuxbridge |     ovs     |     ovs      |
--- a/fixtures/scenario003.pp
+++ b/fixtures/scenario003.pp
@ -56,9 +56,7 @@ include ::openstack_integration::cacert
 include ::openstack_integration::memcached
 include ::openstack_integration::rabbitmq
 include ::openstack_integration::mysql
-class { '::openstack_integration::keystone':
+include ::openstack_integration::keystone
  token_provider => 'fernet',
 }
 include ::openstack_integration::glance
 class { '::openstack_integration::neutron':
  driver => 'linuxbridge',
--- a/fixtures/scenario004.pp
+++ b/fixtures/scenario004.pp
@ -42,9 +42,7 @@ include ::openstack_integration::cacert
 include ::openstack_integration::memcached
 include ::openstack_integration::rabbitmq
 include ::openstack_integration::mysql
-class { '::openstack_integration::keystone':
+include ::openstack_integration::keystone
  token_provider => 'fernet',
 }
 class { '::openstack_integration::glance':
  backend => 'swift',
 }
--- a/manifests/keystone.pp
+++ b/manifests/keystone.pp
@ -11,10 +11,6 @@
 #   and the associated configuration in keystone.conf is set up right.
 #   Defaults to false
 #
 # [*token_provider*]
 #   (optional) Define the token provider to use.
 #   Default to 'uuid'.
 #
 # [*token_expiration*]
 #   (optional) Define the token expiration to use.
 #   Default to '600'.
@ -23,7 +19,6 @@
 class openstack_integration::keystone (
  $default_domain      = undef,
  $using_domain_config = false,
  $token_provider      = 'uuid',
  $token_expiration    = '600',
 ) {
@ -43,18 +38,20 @@ class openstack_integration::keystone (
    Exec['update-ca-certificates'] ~> Service['httpd']
  }
-  if $token_provider == 'fernet' {
+  # Keystone credential setup is not packaged in UCA yet.
-    $enable_fernet_setup = true
+  # It should be done when Newton is released.
-    class { '::keystone::cron::fernet_rotate':
+  if $::osfamily == 'RedHat' {
-      hour   => '*',
+    $enable_credential_setup = true
      minute => '*/5',
    }
  } else {
-    $enable_fernet_setup = false
+    $enable_credential_setup = false
  }
  class { '::keystone::client': }
  class { '::keystone::cron::token_flush': }
  class { '::keystone::cron::fernet_rotate':
    hour   => '*',
    minute => '*/5',
  }
  class { '::keystone::db::mysql':
    password => 'keystone',
  }
@ -71,8 +68,7 @@ class openstack_integration::keystone (
    public_bind_host           => $::openstack_integration::config::host,
    admin_bind_host            => $::openstack_integration::config::host,
    manage_policyrcd           => true,
-    token_provider             => $token_provider,
+    enable_credential_setup    => $enable_credential_setup,
    enable_fernet_setup        => $enable_fernet_setup,
    fernet_max_active_keys     => '4',
    token_expiration           => $token_expiration,
    default_transport_url      => os_transport_url({