From e389aed5bdb6d0a0c5b1fbc672f62628726a6544 Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Tue, 23 Sep 2014 17:10:39 +1200
Subject: [PATCH] Allow heat standalone to work devstack stack

For functional testing of heat-standalone it is desirable for
heat to orchestrate on the rest of the cloud which is brought up
by devstack. This change makes the following changes to enable
this when HEAT_STANDALONE=True:

- Don't register the orchestration endpoint or create any dedicated
  heat accounts
- Install and configure the heat keystone V2 auth plugin instead of
  the default v3
- set heat.conf [clients_heat] url so that heat can call its own
  API when no orchestration endpoint is registered
- Modify create_userrc.sh to set the required heat client env
  variables to work with the standalone heat

Change-Id: Idae33bf1a9d550e2575e6390d2d7c8d3b94c401d
---
 lib/heat               | 13 ++++++++++---
 stack.sh               |  6 +++++-
 tools/create_userrc.sh |  9 ++++++++-
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/lib/heat b/lib/heat
index a74d7b51ac..dead3c2b51 100644
--- a/lib/heat
+++ b/lib/heat
@@ -40,6 +40,8 @@ HEAT_CONF=$HEAT_CONF_DIR/heat.conf
 HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
 HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
 HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
+HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
+HEAT_API_PORT=${HEAT_API_PORT:-8004}
 
 # other default options
 HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
@@ -69,6 +71,9 @@ function cleanup_heat {
 # configure_heat() - Set config files, create data dirs, etc
 function configure_heat {
     setup_develop $HEAT_DIR
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
+        setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2
+    fi
 
     if [[ ! -d $HEAT_CONF_DIR ]]; then
         sudo mkdir -p $HEAT_CONF_DIR
@@ -83,8 +88,6 @@ function configure_heat {
     HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001}
     HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP}
     HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003}
-    HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
-    HEAT_API_PORT=${HEAT_API_PORT:-8004}
     HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini
     HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json
 
@@ -127,7 +130,11 @@ function configure_heat {
     iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
 
     # paste_deploy
-    [[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
+        iniset $HEAT_CONF paste_deploy flavor standalone
+        iniset $HEAT_CONF DEFAULT keystone_backend heat_keystoneclient_v2.client.KeystoneClientV2
+        iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
+    fi
 
     # OpenStack API
     iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
diff --git a/stack.sh b/stack.sh
index c20e61031d..0b09e5fb61 100755
--- a/stack.sh
+++ b/stack.sh
@@ -988,7 +988,7 @@ if is_service_enabled key; then
         create_swift_accounts
     fi
 
-    if is_service_enabled heat; then
+    if is_service_enabled heat && [[ "$HEAT_STANDALONE" != "True" ]]; then
         create_heat_accounts
     fi
 
@@ -1289,6 +1289,10 @@ if is_service_enabled nova && is_service_enabled key; then
         USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
     fi
 
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
+        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
+    fi
+
     $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
 fi
 
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 5b1111ae54..863fe0359e 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -37,6 +37,7 @@ Optional Arguments
 -C <tenant_name> create user and tenant, the specifid tenant will be the user's tenant
 -r <name> when combined with -C and the (-u) user exists it will be the user's tenant role in the (-C)tenant (default: Member)
 -p <userpass> password for the user
+--heat-url <heat_url>
 --os-username <username>
 --os-password <admin password>
 --os-tenant-name <tenant_name>
@@ -53,12 +54,13 @@ $0 -P -C mytenant -u myuser -p mypass
 EOF
 }
 
-if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,skip-tenant:,os-cacert:,help,debug -- "$@"); then
+if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,heat-url:,skip-tenant:,os-cacert:,help,debug -- "$@"); then
     display_help
     exit 1
 fi
 eval set -- $options
 ADDPASS=""
+HEAT_URL=""
 
 # The services users usually in the service tenant.
 # rc files for service users, is out of scope.
@@ -79,6 +81,7 @@ while [ $# -gt 0 ]; do
     --os-auth-url) export OS_AUTH_URL=$2; shift ;;
     --os-cacert) export OS_CACERT=$2; shift ;;
     --target-dir) ACCOUNT_DIR=$2; shift ;;
+    --heat-url) HEAT_URL=$2; shift ;;
     --debug) set -o xtrace ;;
     -u) MODE=${MODE:-one};  USER_NAME=$2; shift ;;
     -p) USER_PASS=$2; shift ;;
@@ -209,6 +212,10 @@ EOF
     if [ -n "$ADDPASS" ]; then
         echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
     fi
+    if [ -n "$HEAT_URL" ]; then
+        echo "export HEAT_URL=\"$HEAT_URL/$tenant_id\"" >>"$rcfile"
+        echo "export OS_NO_CLIENT_AUTH=True" >>"$rcfile"
+    fi
 }
 
 #admin users expected