Browse code
Allow heat-standalone to work with keystone v3
Heat can now run in standalone mode with the default v3 keystone
backend.
This change removes the installation of the v2 contrib backend.
It also configures saner defaults when HEAT_STANDALONE is True.
Using trusts and a stack-domain will never work in standalone mode
since they both require a service user which doesn't exist in
standalone mode.
Finally, this change prevents heat.conf being populated with service user options
not required by standalone mode.
Configuring the v2 backend may be reintroduced later with a dedicated
flag variable.
Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
Steve Baker authored on 2014/12/16 08:00:40Showing 2 changed files
| ... | ... |
@@ -49,13 +49,19 @@ HEAT_CONF_DIR=/etc/heat |
| 49 | 49 |
HEAT_CONF=$HEAT_CONF_DIR/heat.conf |
| 50 | 50 |
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d |
| 51 | 51 |
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates |
| 52 |
-HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN) |
|
| 53 | 52 |
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
|
| 54 | 53 |
HEAT_API_PORT=${HEAT_API_PORT:-8004}
|
| 55 | 54 |
|
| 56 | 55 |
|
| 57 | 56 |
# other default options |
| 58 |
-HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
|
| 57 |
+if [[ "$HEAT_STANDALONE" = "True" ]]; then |
|
| 58 |
+ # for standalone, use defaults which require no service user |
|
| 59 |
+ HEAT_STACK_DOMAIN=`trueorfalse False $HEAT_STACK_DOMAIN` |
|
| 60 |
+ HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
|
|
| 61 |
+else |
|
| 62 |
+ HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN` |
|
| 63 |
+ HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
|
| 64 |
+fi |
|
| 59 | 65 |
|
| 60 | 66 |
# Tell Tempest this project is present |
| 61 | 67 |
TEMPEST_SERVICES+=,heat |
| ... | ... |
@@ -77,13 +83,11 @@ function cleanup_heat {
|
| 77 | 77 |
sudo rm -rf $HEAT_AUTH_CACHE_DIR |
| 78 | 78 |
sudo rm -rf $HEAT_ENV_DIR |
| 79 | 79 |
sudo rm -rf $HEAT_TEMPLATES_DIR |
| 80 |
+ sudo rm -rf $HEAT_CONF_DIR |
|
| 80 | 81 |
} |
| 81 | 82 |
|
| 82 | 83 |
# configure_heat() - Set config files, create data dirs, etc |
| 83 | 84 |
function configure_heat {
|
| 84 |
- if [[ "$HEAT_STANDALONE" = "True" ]]; then |
|
| 85 |
- setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2 |
|
| 86 |
- fi |
|
| 87 | 85 |
|
| 88 | 86 |
if [[ ! -d $HEAT_CONF_DIR ]]; then |
| 89 | 87 |
sudo mkdir -p $HEAT_CONF_DIR |
| ... | ... |
@@ -127,24 +131,22 @@ function configure_heat {
|
| 127 | 127 |
# auth plugin setup. This should be fixed in heat. Heat is also the only |
| 128 | 128 |
# service that requires the auth_uri to include a /v2.0. Remove this custom |
| 129 | 129 |
# setup when bug #1300246 is resolved. |
| 130 |
- iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 131 | 130 |
iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
| 132 |
- iniset $HEAT_CONF keystone_authtoken admin_user heat |
|
| 133 |
- iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
| 134 |
- iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
| 135 |
- iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE |
|
| 136 |
- iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR |
|
| 137 |
- |
|
| 138 |
- # ec2authtoken |
|
| 139 |
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
| 140 |
- |
|
| 141 |
- # paste_deploy |
|
| 142 | 131 |
if [[ "$HEAT_STANDALONE" = "True" ]]; then |
| 143 | 132 |
iniset $HEAT_CONF paste_deploy flavor standalone |
| 144 |
- iniset $HEAT_CONF DEFAULT keystone_backend heat_keystoneclient_v2.client.KeystoneClientV2 |
|
| 145 | 133 |
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s" |
| 134 |
+ else |
|
| 135 |
+ iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 136 |
+ iniset $HEAT_CONF keystone_authtoken admin_user heat |
|
| 137 |
+ iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
| 138 |
+ iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
| 139 |
+ iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE |
|
| 140 |
+ iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR |
|
| 146 | 141 |
fi |
| 147 | 142 |
|
| 143 |
+ # ec2authtoken |
|
| 144 |
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
| 145 |
+ |
|
| 148 | 146 |
# OpenStack API |
| 149 | 147 |
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT |
| 150 | 148 |
iniset $HEAT_CONF heat_api workers "$API_WORKERS" |
| ... | ... |
@@ -243,29 +245,32 @@ function stop_heat {
|
| 243 | 243 |
|
| 244 | 244 |
# create_heat_accounts() - Set up common required heat accounts |
| 245 | 245 |
function create_heat_accounts {
|
| 246 |
- create_service_user "heat" "admin" |
|
| 247 |
- |
|
| 248 |
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
|
| 249 |
- |
|
| 250 |
- local heat_service=$(get_or_create_service "heat" \ |
|
| 251 |
- "orchestration" "Heat Orchestration Service") |
|
| 252 |
- get_or_create_endpoint $heat_service \ |
|
| 253 |
- "$REGION_NAME" \ |
|
| 254 |
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 255 |
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 256 |
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" |
|
| 257 |
- |
|
| 258 |
- local heat_cfn_service=$(get_or_create_service "heat-cfn" \ |
|
| 259 |
- "cloudformation" "Heat CloudFormation Service") |
|
| 260 |
- get_or_create_endpoint $heat_cfn_service \ |
|
| 261 |
- "$REGION_NAME" \ |
|
| 262 |
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 263 |
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 264 |
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" |
|
| 265 |
- fi |
|
| 246 |
+ if [[ "$HEAT_STANDALONE" != "True" ]]; then |
|
| 247 |
+ |
|
| 248 |
+ create_service_user "heat" "admin" |
|
| 249 |
+ |
|
| 250 |
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
|
| 251 |
+ |
|
| 252 |
+ local heat_service=$(get_or_create_service "heat" \ |
|
| 253 |
+ "orchestration" "Heat Orchestration Service") |
|
| 254 |
+ get_or_create_endpoint $heat_service \ |
|
| 255 |
+ "$REGION_NAME" \ |
|
| 256 |
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 257 |
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
|
| 258 |
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" |
|
| 259 |
+ |
|
| 260 |
+ local heat_cfn_service=$(get_or_create_service "heat-cfn" \ |
|
| 261 |
+ "cloudformation" "Heat CloudFormation Service") |
|
| 262 |
+ get_or_create_endpoint $heat_cfn_service \ |
|
| 263 |
+ "$REGION_NAME" \ |
|
| 264 |
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 265 |
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ |
|
| 266 |
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" |
|
| 267 |
+ fi |
|
| 266 | 268 |
|
| 267 |
- # heat_stack_user role is for users created by Heat |
|
| 268 |
- get_or_create_role "heat_stack_user" |
|
| 269 |
+ # heat_stack_user role is for users created by Heat |
|
| 270 |
+ get_or_create_role "heat_stack_user" |
|
| 271 |
+ fi |
|
| 269 | 272 |
|
| 270 | 273 |
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then |
| 271 | 274 |
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts |