Browse code
Move heat keystone setup into lib/heat
Move the heat setup which currently happens in files/keystone_data.sh
to lib/heat, where we have create_heat_accounts.
Move the user, role, service and endpoint creation as that is consistent
with what other services, e.g lib/nova are doing.
Change-Id: Iaa2c822cad581d6b2b4f22f8863daf81e25f8485
Steven Hardy authored on 2014/03/01 01:37:43Showing 3 changed files
| ... | ... |
@@ -53,41 +53,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" | |
| 53 | 53 |
--role ResellerAdmin |
| 54 | 54 |
fi |
| 55 | 55 |
|
| 56 |
-# Heat |
|
| 57 |
-if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then |
|
| 58 |
- keystone user-create --name=heat \ |
|
| 59 |
- --pass="$SERVICE_PASSWORD" \ |
|
| 60 |
- --tenant $SERVICE_TENANT_NAME \ |
|
| 61 |
- --email=heat@example.com |
|
| 62 |
- keystone user-role-add --tenant $SERVICE_TENANT_NAME \ |
|
| 63 |
- --user heat \ |
|
| 64 |
- --role service |
|
| 65 |
- # heat_stack_user role is for users created by Heat |
|
| 66 |
- keystone role-create --name heat_stack_user |
|
| 67 |
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
|
| 68 |
- keystone service-create \ |
|
| 69 |
- --name=heat-cfn \ |
|
| 70 |
- --type=cloudformation \ |
|
| 71 |
- --description="Heat CloudFormation Service" |
|
| 72 |
- keystone endpoint-create \ |
|
| 73 |
- --region RegionOne \ |
|
| 74 |
- --service heat-cfn \ |
|
| 75 |
- --publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 76 |
- --adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 77 |
- --internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" |
|
| 78 |
- keystone service-create \ |
|
| 79 |
- --name=heat \ |
|
| 80 |
- --type=orchestration \ |
|
| 81 |
- --description="Heat Service" |
|
| 82 |
- keystone endpoint-create \ |
|
| 83 |
- --region RegionOne \ |
|
| 84 |
- --service heat \ |
|
| 85 |
- --publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 86 |
- --adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 87 |
- --internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" |
|
| 88 |
- fi |
|
| 89 |
-fi |
|
| 90 |
- |
|
| 91 | 56 |
# Glance |
| 92 | 57 |
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then |
| 93 | 58 |
keystone user-create \ |
| ... | ... |
@@ -197,8 +197,49 @@ function disk_image_create {
|
| 197 | 197 |
} |
| 198 | 198 |
|
| 199 | 199 |
# create_heat_accounts() - Set up common required heat accounts |
| 200 |
-# Note this is in addition to what is in files/keystone_data.sh |
|
| 201 | 200 |
function create_heat_accounts {
|
| 201 |
+ # migrated from files/keystone_data.sh |
|
| 202 |
+ SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
| 203 |
+ ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
|
| 204 |
+ |
|
| 205 |
+ HEAT_USER=$(openstack user create \ |
|
| 206 |
+ heat \ |
|
| 207 |
+ --password "$SERVICE_PASSWORD" \ |
|
| 208 |
+ --project $SERVICE_TENANT \ |
|
| 209 |
+ --email heat@example.com \ |
|
| 210 |
+ | grep " id " | get_field 2) |
|
| 211 |
+ openstack role add \ |
|
| 212 |
+ $ADMIN_ROLE \ |
|
| 213 |
+ --project $SERVICE_TENANT \ |
|
| 214 |
+ --user $HEAT_USER |
|
| 215 |
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
|
| 216 |
+ HEAT_SERVICE=$(openstack service create \ |
|
| 217 |
+ heat \ |
|
| 218 |
+ --type=orchestration \ |
|
| 219 |
+ --description="Heat Orchestration Service" \ |
|
| 220 |
+ | grep " id " | get_field 2) |
|
| 221 |
+ openstack endpoint create \ |
|
| 222 |
+ $HEAT_SERVICE \ |
|
| 223 |
+ --region RegionOne \ |
|
| 224 |
+ --publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 225 |
+ --adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 226 |
+ --internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" |
|
| 227 |
+ HEAT_CFN_SERVICE=$(openstack service create \ |
|
| 228 |
+ heat \ |
|
| 229 |
+ --type=cloudformation \ |
|
| 230 |
+ --description="Heat CloudFormation Service" \ |
|
| 231 |
+ | grep " id " | get_field 2) |
|
| 232 |
+ openstack endpoint create \ |
|
| 233 |
+ $HEAT_CFN_SERVICE \ |
|
| 234 |
+ --region RegionOne \ |
|
| 235 |
+ --publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 236 |
+ --adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 237 |
+ --internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" |
|
| 238 |
+ fi |
|
| 239 |
+ |
|
| 240 |
+ # heat_stack_user role is for users created by Heat |
|
| 241 |
+ openstack role create heat_stack_user |
|
| 242 |
+ |
|
| 202 | 243 |
# Note we have to pass token/endpoint here because the current endpoint and |
| 203 | 244 |
# version negotiation in OSC means just --os-identity-api-version=3 won't work |
| 204 | 245 |
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" |
| ... | ... |
@@ -934,8 +934,7 @@ if is_service_enabled key; then |
| 934 | 934 |
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \ |
| 935 | 935 |
SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \ |
| 936 | 936 |
S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \ |
| 937 |
- DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES HEAT_API_CFN_PORT=$HEAT_API_CFN_PORT \ |
|
| 938 |
- HEAT_API_PORT=$HEAT_API_PORT \ |
|
| 937 |
+ DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \ |
|
| 939 | 938 |
bash -x $FILES/keystone_data.sh |
| 940 | 939 |
|
| 941 | 940 |
# Set up auth creds now that keystone is bootstrapped |