Fix heat user dependencies
With the heat::deps implementation, we should ensure that the users are created in before the heat::service::end anchor rather than the service itself. This can lead to issues when we move the service to httpd and it is colocated with keystone. Additionally the authtoken class needs to include the ::heat::deps class. Change-Id: I0c2b5e0e3671d37fb0450cd25dd6287bebda4dcb
This commit is contained in:
parent
739a15ffb2
commit
b5b48d9863
manifests/keystone
@ -138,8 +138,7 @@ class heat::keystone::auth (
|
||||
}
|
||||
|
||||
if $configure_user_role {
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~>
|
||||
Service <| name == 'heat-api' |>
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Anchor['heat::service::end']
|
||||
}
|
||||
|
||||
if $manage_heat_stack_user_role {
|
||||
|
@ -106,8 +106,7 @@ class heat::keystone::auth_cfn (
|
||||
}
|
||||
|
||||
if $configure_user_role {
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~>
|
||||
Service <| name == 'heat-api-cfn' |>
|
||||
Keystone_user_role["${auth_name}@${tenant}"] ~> Anchor['heat::service::end']
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -223,6 +223,8 @@ class heat::keystone::authtoken(
|
||||
$token_cache_time = $::os_service_default,
|
||||
) {
|
||||
|
||||
include ::heat::deps
|
||||
|
||||
if is_service_default($password) {
|
||||
fail('Please set password for heat service user')
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user