Open Stack

On 03/29/2016 07:43 PM, Emilien Macchi wrote:
> On Tue, Mar 29, 2016 at 6:19 PM, Adam Young <ayoung at redhat.com> wrote:
>> Somewhere in here:
>>
>> http://git.openstack.org/cgit/openstack/puppet-keystone/tree/spec/classes/keystone_spec.rb
>>
>> I need to set these options:
>>
>>
>> admin_project_name
>> admin_project_domain_name
>>
>> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/config.py#n450
>> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/config.py#n453
>>
>>
>> If they are unset, we should default them to 'admin' and 'Default' on new
>> installs, and leave them blank on old installs.
>>
>>
>> Can anyone point me in the right direction?
> You'll need to patch puppet-keystone/manifests/init.pp (and unit
> tests) (using $::os_service_default for the default value, which will
> take the default in keystone, blank).
>
> Important note:
> If for whatever reason, puppet-keystone providers need these 2 options
> loaded in the environment, please also patch [1]. Because after
> initial deployment, Puppet catalog will read from /root/openrc file to
> connect to Keystone API.
>
> Ignore my last comment if you don't need these 2 params during
> authentication when using openstackclient (in our providers).
SO, while they do, it is for completely unrelated reason.

The two values above are for making it possible to limit which "admin" 
role assignments are for Cloud-wide administrator as opposed to project 
specific.  See https://bugs.launchpad.net/keystone/+bug/968696  for context.





>
> [1] https://github.com/openstack/puppet-openstack_extras/blob/master/manifests/auth_file.pp
>
> Let us know if you need help,
>
> Thanks!