change keystone ownership

Change-Id: I08d53406f4d0fee3f315fb389f3b58db0a91b982
2014-03-23 07:48:28 -07:00 · 2014-03-23 07:48:28 -07:00 · 88e6bd9d54
commit 88e6bd9d54
parent 2d2a6e97e3
4 changed files with 28 additions and 11 deletions
--- a/chef/cookbooks/openstack-common/attributes/default.rb
+++ b/chef/cookbooks/openstack-common/attributes/default.rb
@ -29,7 +29,8 @@
 default["openstack"]["developer_mode"] = true

 # The type of token signing to use (uuid or pki)
-default["openstack"]["auth"]["strategy"] = "uuid"
+#default["openstack"]["auth"]["strategy"] = "uuid"
+default["openstack"]["auth"]["strategy"] = "pki"

 # Set to true where using self-signed certs (in testing environments)
 default["openstack"]["auth"]["validate_certs"] = true
--- a/chef/cookbooks/openstack-identity/recipes/server.rb
+++ b/chef/cookbooks/openstack-identity/recipes/server.rb
@ -88,6 +88,14 @@ file "/var/lib/keystone/keystone.db" do
  action :delete
 end

+["/etc/keystone/keystone.conf", "/etc/keystone/logging.conf"].each do |file|
+  file file do
+    owner node["openstack"]["identity"]["user"]
+    group node["openstack"]["identity"]["group"]
+    mode  00700
+  end
+end
+
 execute "keystone-manage pki_setup" do
  user node["openstack"]["identity"]["user"]

--- a/chef/databags/openstack/openstack.json
+++ b/chef/databags/openstack/openstack.json
@ -5,7 +5,8 @@
      "os-ops-messaging": "openstack message queue node",
      "os-image": "openstack image node",
      "os-ops-database": "openstack database node",
-      "os-compute-worker": "openstack nova node"
+      "os-compute-worker": "openstack nova node",
+      "os-ha": "Software load balance node"
    },
  "role_mapping": {
      "os-controller": {
@ -103,7 +104,7 @@
  "ha": {
    "status": "disable",
    "haproxy": {
-      "vip": "10.145.88.231",
+      "vip": "",
      "roles": {
        "os-controller": ["dashboard_http","dashboard_https","keystone_admin", "keystone_public_internal","nova_ec2_api","nova_compute_api","cinder_api","neutron_api"],
        "os-image": ["glance_api","glance_registry_cluster"]
@ -111,18 +112,12 @@
    },
    "keepalived": {
      "router_ids": {
-        "node1.name_in_chef_server": "lsb01",
-        "node2.name_in_chef_server": "lsb02"
      },
      "instance_name": {
-        "vip": "10.145.88.231",
+        "vip": "",
        "priorities": {
-          "node1.name_in_chef_server": 110,
-          "node2.name_in_chef_server": 101
        },
        "states": {
-          "centos-10-145-88-152": "BACKUP",
-          "centos-10-145-88-153": "MASTER"
        }
      }
    }
@ -214,6 +209,7 @@
          "bundles" : [ ],
          "exclusives" : [ "os-controller" ],
          "roles" : [
+              "os-ha",
              "os-ops-database",
              "os-ops-messaging",
              "os-controller",
@ -224,7 +220,13 @@
            ],
          "default_min" : 1,
          "default_max" : 1,
-          "maxs" : { "os-compute-worker": -1 }
+          "maxs" : { 
+              "os-compute-worker": -1,
+              "os-ha": 0
+            },
+          "mins": {
+              "os-ha": 0
+            }
        },
      "policy_by_host_numbers" : {
          "1" : { 
--- a/chef/roles/os-ha.rb
+++ b/chef/roles/os-ha.rb
@ -0,0 +1,6 @@
+name "os-ha"
+description "Software load banance"
+run_list(
+  "recipe[keepalived]",  
+  "recipe[haproxy::tcp_lb]"
+  )