Browse code
Add support for creating heat stack domain
The Heat instance-users blueprint requires an additional domain
where heat creates projects and users related to stack resources
so add support for creating this domain when configured to install
Heat. Note a workaround is currently required to make the
openstack command work with the v3 keystone API.
Change-Id: I36157372d85b577952b55481ca5cc42146011a54
Steven Hardy authored on 2014/02/14 00:00:33Showing 2 changed files
| ... | ... |
@@ -110,6 +110,15 @@ function configure_heat() {
|
| 110 | 110 |
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
| 111 | 111 |
iniset $HEAT_CONF ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens |
| 112 | 112 |
|
| 113 |
+ # stack user domain |
|
| 114 |
+ # Note we have to pass token/endpoint here because the current endpoint and |
|
| 115 |
+ # version negotiation in OSC means just --os-identity-api-version=3 won't work |
|
| 116 |
+ KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" |
|
| 117 |
+ D_ID=$(openstack --os-token $OS_SERVICE_TOKEN --os-url=$KS_ENDPOINT_V3 \ |
|
| 118 |
+ --os-identity-api-version=3 domain show heat \ |
|
| 119 |
+ | grep ' id ' | get_field 2) |
|
| 120 |
+ iniset $HEAT_CONF stack_user_domain ${D_ID}
|
|
| 121 |
+ |
|
| 113 | 122 |
# paste_deploy |
| 114 | 123 |
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone |
| 115 | 124 |
|
| ... | ... |
@@ -196,6 +205,17 @@ function disk_image_create {
|
| 196 | 196 |
upload_image "http://localhost/$output.qcow2" $TOKEN |
| 197 | 197 |
} |
| 198 | 198 |
|
| 199 |
+# create_heat_accounts() - Set up common required heat accounts |
|
| 200 |
+# Note this is in addition to what is in files/keystone_data.sh |
|
| 201 |
+function create_heat_accounts() {
|
|
| 202 |
+ # Note we have to pass token/endpoint here because the current endpoint and |
|
| 203 |
+ # version negotiation in OSC means just --os-identity-api-version=3 won't work |
|
| 204 |
+ KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" |
|
| 205 |
+ openstack --os-token $OS_SERVICE_TOKEN --os-url=$KS_ENDPOINT_V3 \ |
|
| 206 |
+ --os-identity-api-version=3 domain create heat \ |
|
| 207 |
+ --description "Owns users and projects created by heat" |
|
| 208 |
+} |
|
| 209 |
+ |
|
| 199 | 210 |
# Restore xtrace |
| 200 | 211 |
$XTRACE |
| 201 | 212 |
|
| ... | ... |
@@ -938,6 +938,10 @@ if is_service_enabled key; then |
| 938 | 938 |
create_swift_accounts |
| 939 | 939 |
fi |
| 940 | 940 |
|
| 941 |
+ if is_service_enabled heat; then |
|
| 942 |
+ create_heat_accounts |
|
| 943 |
+ fi |
|
| 944 |
+ |
|
| 941 | 945 |
# ``keystone_data.sh`` creates services, admin and demo users, and roles. |
| 942 | 946 |
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \ |
| 943 | 947 |
SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \ |