X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Finit.pp;h=b406e326c0910a48e0f5bdd703ecc4bc449da1bc;hb=2dc39f2a756f82040d82cba324b21f44fad8ef3f;hp=20c2011e318bcd25156700e38c4f17c33f94f73a;hpb=d4b6110c989169c702f039a4c7dc1b309685bba3;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/keystone/manifests/init.pp b/3rdparty/modules/keystone/manifests/init.pp
index 20c2011e3..b406e326c 100644
--- a/3rdparty/modules/keystone/manifests/init.pp
+++ b/3rdparty/modules/keystone/manifests/init.pp
@@ -363,6 +363,14 @@
 #   (Optional) Number of maximum active Fernet keys. Integer > 0.
 #   Defaults to undef
 #
+# [*default_domain*]
+#   (optional) When Keystone v3 support is enabled, v2 clients will need
+#   to have a domain assigned for certain operations.  For example,
+#   doing a user create operation must have a domain associated with it.
+#   This is the domain which will be used if a domain is needed and not
+#   explicitly set in the request.
+#   Defaults to undef (will use built-in Keystone default)
+#
 # == Dependencies
 #  None
 #
@@ -467,6 +475,7 @@ class keystone(
   $enable_fernet_setup    = false,
   $fernet_key_repository  = '/etc/keystone/fernet-keys',
   $fernet_max_active_keys = undef,
+  $default_domain         = undef,
   # DEPRECATED PARAMETERS
   $mysql_module           = undef,
   $compute_port           = undef,
@@ -927,4 +936,27 @@ class keystone(
     }
   }
 
+  if $default_domain {
+    keystone_domain { $default_domain:
+      ensure     => present,
+      enabled    => true,
+      is_default => true,
+      require    => File['/etc/keystone/keystone.conf'],
+      notify     => Exec['restart_keystone'],
+    }
+    # Update this code when https://bugs.launchpad.net/keystone/+bug/1472285 is addressed.
+    # 1/ Keystone needs to be started before creating the default domain
+    # 2/ Once the default domain is created, we can query Keystone to get the default domain ID
+    # 3/ The Keystone_domain provider has in charge of doing the query and configure keystone.conf
+    # 4/ After such a change, we need to restart Keystone service.
+    # restart_keystone exec is doing 4/, it restart Keystone if we have a new default domain setted
+    # and if we manage the service to be enabled.
+    if $manage_service and $enabled {
+      exec { 'restart_keystone':
+        path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'],
+        command     => "service ${service_name} restart",
+        refreshonly => true,
+      }
+    }
+  }
 }