openstack
/
heat
Code Issues Proposed changes
OpenStack Orchestration (Heat)
10,455 Commits 9 Branches 47 Tags 209 MiB
Python 99.3%
Shell 0.7%
Go to file
Steven Hardy 67f12e5e24 Add trustee config group to sample config 
Some time ago, we added support for a new "trustee" config section,
aimed at allowing independent configuration of the credentials used
to obtain trust-scoped tokens for deferred authentication.  One of the
main reasons for this was to avoid incorrectly using the keystone
auth_token section, and as such a deprecation warning was added when
we fall back to using that config section for heat.

Unfortunately we didn't capture this new section in the sample config
because it's registered via keystoneclient.auth, so this adds support
for this section to the sample config generated via tox -e genconfig,
and adds some notes clarifying usage to the auth_plugin option.

To move to the new config syntax, but maintain the current behavior,
which is to delegate to the heat service user, you can add this section
to your heat.conf

[trustee]
auth_plugin = password
auth_url = http://<keystone hostname or IP>:35357
username = heat
password = password
user_domain_id = default

The generated config documents many more options, all of those supported
by the keystoneclient v3 Password auth plugin, but these are the minimum
to enable delegation to the heat service user in the default domain.

In new deployments this could be set to some other user (such as one created
in the heat domain), but note that the trustee should not be changed for
existing deployments where stacks exist, as the trust stored inside heat
defines a relationship between the stack owner (trustor) and a specific
trustee (which will be the heat service user if the deployment is using
the deprecated path that steals credentials from keystone auth_token).

Change-Id: I30aeb765a2246ce54b10972ae7187655d85cde1f
Partial-Bug: #1300246
 		2015-12-07 17:42:17 +00:00
bin Deprecate heat-keystone-setup 2015-11-13 10:28:42 +08:00
contrib Check resource_id before calling network delete 2015-12-01 16:34:52 -06:00
devstack/upgrade Fix grenade upgrade script dependency 2015-10-29 14:24:03 +01:00
doc Merge "Fix tox -e docs build in py3" 2015-12-03 09:39:07 +00:00
etc/heat Merge "Add APIs implementation for output functions" 2015-11-26 15:35:00 +00:00
heat Add trustee config group to sample config 2015-12-07 17:42:17 +00:00
heat_integrationtests Skip CeilometerAlarmTest.test_alarm 2015-12-07 11:03:32 +05:30
heat_upgradetests In-tree grenade support for Heat 2015-07-02 17:23:22 +05:30
rally-scenarios Replace github with openstack git repo 2015-10-21 09:51:40 +08:00
releasenotes add "unreleased" release notes page 2015-12-03 04:30:00 -05:00
tools py34: cleanup 2015-10-08 20:10:54 +05:30
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:26:58 +00:00
.gitignore Add reno for release notes management 2015-12-01 15:04:39 +00:00
.gitreview Update .gitreview for org move. 2012-12-02 17:46:15 +00:00
.testr.conf Add separate requirements.txt to integration tests 2015-04-01 09:02:13 +00:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:36 +00:00
HACKING.rst cleanup of hacking.rst heat doc 2015-04-28 16:47:07 -04:00
LICENSE Initial commit (basics copied from glance) 2012-03-13 21:48:07 +11:00
README.rst replace git protocol by https 2015-10-22 10:06:05 +08:00
babel.cfg Add setup.py and friends 2012-03-14 09:25:54 +11:00
bandit.yaml tox environment for `bandit` 2015-07-08 09:13:35 -04:00
config-generator.conf Add trustee config group to sample config 2015-12-07 17:42:17 +00:00
install.sh install.sh: stop using deprecated option group for rabbit 2015-09-01 19:01:34 +02:00
openstack-common.conf Switch to oslo.service 2015-06-23 08:30:39 +02:00
pylintrc Directives to not use variable names that conflict with pdb 2012-03-20 07:16:16 -04:00
requirements.txt Updated from global requirements 2015-11-27 22:37:16 +00:00
setup.cfg Add trustee config group to sample config 2015-12-07 17:42:17 +00:00
setup.py Updated from global requirements 2015-09-22 10:40:48 +00:00
test-requirements.txt Updated from global requirements 2015-12-03 15:03:08 +00:00
tox.ini Add reno for release notes management 2015-12-01 15:04:39 +00:00
uninstall.sh Add uninstall script for Heat 2012-06-23 22:41:30 -04:00

README.rst

Heat

Heat is a service to orchestrate multiple composite cloud applications using templates, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.

Why heat? It makes the clouds rise and keeps them there.

Getting Started

If you'd like to run from the master branch, you can clone the git repo:

git clone https://git.openstack.org/openstack/heat

Python client

https://git.openstack.org/cgit/openstack/python-heatclient

References

We have integration with