heat/bin/heat-keystone-setup-domain
Clint Byrum e8ab2b4745 Distribute create_heat_domain
Rename it to heat-keystone-setup-domain and ship it in bin with the
other helper scripts. This will make it consumable by automated systems
and packaging.

Change-Id: I7914869377cd08b6201007aa0eb6b8a70d763254
2014-04-25 21:13:12 -07:00

94 lines
3.5 KiB
Python
Executable File

#!/usr/bin/env python
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import logging
import os
import sys
import keystoneclient.exceptions as kc_exception
from keystoneclient.v3 import client
logger = logging.getLogger(__name__)
DEBUG = False
USERNAME = os.environ.get('OS_USERNAME', None)
PASSWORD = os.environ.get('OS_PASSWORD', None)
AUTH_URL = os.environ.get('OS_AUTH_URL', '').replace('v2.0', 'v3')
HEAT_DOMAIN_NAME = os.environ.get('HEAT_DOMAIN', 'heat')
HEAT_DOMAIN_ADMIN = os.environ.get('HEAT_DOMAIN_ADMIN', 'heat_domain_admin')
HEAT_DOMAIN_PASSWORD = os.environ.get('HEAT_DOMAIN_PASSWORD', None)
HEAT_DOMAIN_DESCRIPTION = 'Contains users and projects created by heat'
logger.debug("USERNAME=%s" % USERNAME)
logger.debug("PASSWORD=%s" % PASSWORD)
logger.debug("AUTH_URL=%s" % AUTH_URL)
def main():
log_lvl = logging.DEBUG if DEBUG else logging.INFO
logging.basicConfig(
format="%(levelname)s (%(module)s:%(lineno)d) %(message)s",
level=log_lvl)
c = client.Client(debug=DEBUG,
username=USERNAME,
password=PASSWORD,
auth_url=AUTH_URL,
endpoint=AUTH_URL)
c.authenticate()
# Create the heat domain
logger.info("Creating domain %s" % HEAT_DOMAIN_NAME)
try:
heat_domain = c.domains.create(name=HEAT_DOMAIN_NAME,
description=HEAT_DOMAIN_DESCRIPTION)
except kc_exception.Conflict:
logger.warning("Domain %s already exists" % HEAT_DOMAIN_NAME)
heat_domain = c.domains.list(name=HEAT_DOMAIN_NAME)[0]
if heat_domain.name != HEAT_DOMAIN_NAME:
logger.error("Unexpected filtered list response, please upgrade "
"keystoneclient to >= 0.5")
sys.exit(1)
# Create heat domain admin user
if not HEAT_DOMAIN_PASSWORD:
logger.error("Must export HEAT_DOMAIN_PASSWORD for domain admin user")
sys.exit(1)
try:
domain_admin = c.users.create(name=HEAT_DOMAIN_ADMIN,
password=HEAT_DOMAIN_PASSWORD,
domain=heat_domain,
description="Heat domain admin")
except kc_exception.Conflict:
logger.warning("User %s already exists" % HEAT_DOMAIN_ADMIN)
domain_admin = c.users.list(name=HEAT_DOMAIN_ADMIN)[0]
# Make the user a domain admin
roles_list = c.roles.list()
# FIXME(shardy): seems filtering roles by name currently doesn't work
admin_role = [r for r in roles_list
if r.name == 'admin'][0]
c.roles.grant(role=admin_role, user=domain_admin, domain=heat_domain)
print("\nPlease update your heat.conf with the following in [DEFAULT]\n")
print("stack_user_domain=%s" % heat_domain.id)
print("stack_domain_admin=%s" % HEAT_DOMAIN_ADMIN)
print("stack_domain_admin_password=%s" % HEAT_DOMAIN_PASSWORD)
if __name__ == "__main__":
main()