Puppet Class: keystone::deps

Defined in:
manifests/deps.pp

Overview

Class: keystone::deps

keystone anchors and dependency management



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'manifests/deps.pp', line 5

class keystone::deps {
  # Setup anchors for install, config and service phases of the module.  These
  # anchors allow external modules to hook the begin and end of any of these
  # phases.  Package or service management can also be replaced by ensuring the
  # package is absent or turning off service management and having the
  # replacement depend on the appropriate anchors.  When applicable, end tags
  # should be notified so that subscribers can determine if installation,
  # config or service state changed and act on that if needed.
  anchor { 'keystone::install::begin': }
  -> Package<| tag == 'keystone-package'|>
  ~> anchor { 'keystone::install::end': }
  -> anchor { 'keystone::config::begin': }
  -> Keystone_config<||>
  ~> anchor { 'keystone::config::end': }
  -> anchor { 'keystone::db::begin': }
  -> anchor { 'keystone::db::end': }
  ~> anchor { 'keystone::dbsync::begin': }
  -> anchor { 'keystone::dbsync::end': }
  ~> anchor { 'keystone::service::begin': }
  ~> Service<| tag == 'keystone-service' |>
  ~> anchor { 'keystone::service::end': }

  # credential file for keystone api access should be generated during
  # configuration phase
  Anchor['keystone::config::begin']
  -> Keystone_puppet_config<||>
  ~> Anchor['keystone::config::end']

  # On any uwsgi config change, we must restart Keystone.
  Anchor['keystone::config::begin']
  -> Keystone_uwsgi_config<||>
  ~> Anchor['keystone::config::end']

  # all cache settings should be applied and all packages should be installed
  # before service startup
  Oslo::Cache<||> -> Anchor['keystone::service::begin']

  # all db settings should be applied and all packages should be installed
  # before dbsync starts
  Oslo::Db<||> -> Anchor['keystone::dbsync::begin']

  # policy config should occur in the config block also.
  Anchor['keystone::config::begin']
  -> Openstacklib::Policy<| tag == 'keystone' |>
  ~> Anchor['keystone::config::end']

  # Support packages need to be installed in the install phase, but we don't
  # put them in the chain above because we don't want any false dependencies
  # between packages with the keystone-package tag and the keystone-support-package
  # tag.  Note: the package resources here will have a 'before' relationship on
  # the keystone::install::end anchor.  The line between keystone-support-package and
  # keystone-package should be whether or not keystone services would need to be
  # restarted if the package state was changed.
  Anchor['keystone::install::begin']
  -> Package<| tag == 'keystone-support-package'|>
  -> Anchor['keystone::install::end']

  # We need openstackclient before marking service end so that keystone
  # will have clients available to create resources. This tag handles the
  # openstackclient but indirectly since the client is not available in
  # all catalogs that don't need the client class (like many spec tests)
  Package<| tag == 'openstack'|>
  ~> Anchor['keystone::service::end']

  # The following resources need to be provisioned after the service is up.
  Anchor['keystone::service::end']
  -> Keystone_domain<||>
  Anchor['keystone::service::end']
  -> Keystone_endpoint<||>
  Anchor['keystone::service::end']
  -> Keystone_role<||>
  Anchor['keystone::service::end']
  -> Keystone_service<||>
  Anchor['keystone::service::end']
  -> Keystone_tenant<||>
  Anchor['keystone::service::end']
  -> Keystone_user<||>
  Anchor['keystone::service::end']
  -> Keystone_user_role<||>

  # Installation or config changes will always restart services.
  Anchor['keystone::install::end'] ~> Anchor['keystone::service::begin']
  Anchor['keystone::config::end']  ~> Anchor['keystone::service::begin']

  # Install the package before the Apache module purges wsgi-keystone.conf.
  # Otherwise, the run isn't idempotent.
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-enabled' |>
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-available' |>

  # Bootstrap needs to be executed after fernet keys are created/generated.
  Exec<| title == 'keystone-manage fernet_setup' |> -> Exec<| title == 'keystone bootstrap' |>
  File<| tag == 'keystone-fernet-key' |> -> Exec<| title == 'keystone bootstrap' |>
}