Once I have the undercloud deployed, I want to be able to quickly deploy and redeploy overclouds. However, my last attempt to affect change on the overcloud did not modify the Keystone config file the way I intended. Once again, Steve Hardy helped me to understand what I was doing wrong.
Summary
/tmp/deploy_env.yml already definied ControllerExtraConfig: and my redefinition was ignored.
The Details
I’ve been using Quickstart to develop. To deploy the overcloud, I run the script /home/stack/overcloud-deploy.sh which, in turn, runs the command:
openstack overcloud deploy --templates --libvirt-type qemu --control-flavor oooq_control --compute-flavor oooq_compute --ceph-storage-flavor oooq_ceph --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml -e $HOME/network-environment.yaml --control-scale 3 --neutron-network-type vxlan --neutron-tunnel-types vxlan -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml --ntp-server pool.ntp.org \ ${DEPLOY_ENV_YAML:+-e $DEPLOY_ENV_YAML}Â "$@"|| deploy_status=1
I want to set two parameters in the Keystone config file, so I created a file named keystone_extra_config.yml
parameter_defaults: ControllerExtraConfig: keystone::using_domain_config: true keystone::domain_config_directory: /path/to/config
And edited /home/stack/overcloud-deploy.sh to add in -e /home/stack/keystone_extra_config.yml likwe this:
openstack overcloud deploy --templates --libvirt-type qemu --control-flavor oooq_control --compute-flavor oooq_compute --ceph-storage-flavor oooq_ceph --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml -e $HOME/network-environment.yaml --control-scale 3 --neutron-network-type vxlan --neutron-tunnel-types vxlan -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml --ntp-server pool.ntp.org \ ${DEPLOY_ENV_YAML:+-e $DEPLOY_ENV_YAML} -e /home/stack/keystone_extra_config.yml "$@"|| deploy_status=1
I have run this both on an already deployed overcloud and from an undercloud with no stacks deployed, but in neither case have I seen the values in the config file.
Steve Hardy walked me through this from the CLI:
openstack stack resource list -n5 overcloud | grep “OS::TripleO::Controller ”
| 1 | b4a558a2-297d-46c6-b658-46f9dc0fcd51 | OS::TripleO::Controller | CREATE_COMPLETE | 2016-07-28T01:49:02 | overcloud-Controller-y2lmuipmynnt |
| 0 | 5b93eee2-97f6-4b8e-b9a0-b5edde6b4795 | OS::TripleO::Controller | CREATE_COMPLETE | 2016-07-28T01:49:02 | overcloud-Controller-y2lmuipmynnt |
| 2 | 1fdfdfa9-759b-483c-a943-94f4c7b04d3b | OS::TripleO::Controller | CREATE_COMPLETE | 2016-07-28T01:49:02 | overcloud-Controller-y2lmuipmynnt
Looking in to each of these stacks for the string “ontrollerExtraConfig” showed that it was defined, but was not showing my values. Thus, my customization was not even making it as far as the Heat database.
I went back to the quickstart command and did a grep through the files included with the -e flags, and found the deploy_env.yml file already had defined this field. Once I merged my changes into /tmp/deploy_env.yml, I saw the values specified in the Hiera data.
Of course, due to a different mistake I made, the deploy failed. When specifying domain specific backends in a config directory, puppet validates the path….can’t pass in garbage like I was doing, just for debugging.
Once I got things clean, tore down the old overcloud and redeployed, everything worked. Here was the final /home/stack/deploy_env.yaml environment file I used:
parameter_defaults: controllerExtraConfig: keystone::using_domain_config: true keystone::config::keystone_config: identity/domain_configurations_from_database: value: true # In releases before Mitaka, HeatWorkers doesn't modify # num_engine_workers, so handle via heat::config heat::config::heat_config: DEFAULT/num_engine_workers: value: 1 heat::api_cloudwatch::enabled: false heat::api_cfn::enabled: false HeatWorkers: 1 CeilometerWorkers: 1 CinderWorkers: 1 GlanceWorkers: 1 KeystoneWorkers: 1 NeutronWorkers: 1 NovaWorkers: 1 SwiftWorkers: 1
And the modified version of overcloud-deploy now executes this command:
# Deploy the overcloud! openstack overcloud deploy --debug --templates --libvirt-type qemu --control-flavor oooq_control --compute-flavor oooq_compute --ceph-storage-flavor oooq_ceph --timeout 90 -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml -e $HOME/network-environment.yaml --control-scale 3 --neutron-network-type vxlan --neutron-tunnel-types vxlan -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml --ntp-server pool.ntp.org -e /home/stack/deploy_env.yaml "$@"|| deploy_status=1
Looking in the controller nodes /etc/keystone/keystone.conf file I see:
#domain_specific_drivers_enabled = false domain_specific_drivers_enabled = True # Extract the domain specific configuration options from the resource backend # where they have been stored with the domain data. This feature is disabled by # default (in which case the domain specific options will be loaded from files # in the domain configuration directory); set to true to enable. (boolean # value) #domain_configurations_from_database = false domain_configurations_from_database = True # Path for Keystone to locate the domain specific identity configuration files # if domain_specific_drivers_enabled is set to true. (string value) #domain_config_dir = /etc/keystone/domains domain_config_dir = /etc/keystone/domains