Updated repository for minimum viable kilo install
* Updated Keystone wsgi and paste files from upstream. * Updated all clients in the openstack_client.yml file. * Kilo services are tracking the head of master. * Removed pinned middleware because they're pinned else where. * Added additional service references for neutron vpnaas, fwaas, and lbaas which have now been moved into their own repos and no longer exist within the core neutron repository. * The neutron vpnaas, fwaas, and lbaas have been removed from the basic plugins being loaded and a comment has been added to describe how one might add them back in. * Updated rootwrap filters for neutron dhcp and l3. * Updated heat policy.json * Added the `python-libguestfs` to the nova-compute installation packages. * Updates all services to point to the latest kilo tag Services updated due to deprecated configs: * Keystone * Glance * Nova * Neutron (is still using the deprecated nova auth plugin) * Heat * Tempest Items for future work post initial release: * roles/os_neutron/files/post-up-checksum-rules:25: TODO(cloudnull) remove this script once the bug is fixed. * roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17: TODO(someone): implement a more robust way of checking Implements: blueprint minimal-kilo Closes-Bug: 1428421 Closes-Bug: 1428431 Closes-Bug: 1428437 Closes-Bug: 1428445 Closes-Bug: 1428451 Closes-Bug: 1428469 Closes-Bug: 1428639 Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076
This commit is contained in:
Kevin Carter
parent
542b1543de
commit
84cc7ffeb5
|
|
@ -1,6 +1,7 @@
|
|||
|
||||
# heat-api pipeline
|
||||
[pipeline:heat-api]
|
||||
pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app
|
||||
pipeline = request_id faultwrap ssl versionnegotiation osprofiler authurl authtoken context apiv1app
|
||||
|
||||
# heat-api pipeline for standalone heat
|
||||
# ie. uses alternative auth backend that authenticates users against keystone
|
||||
|
|
@ -11,7 +12,7 @@ pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app
|
|||
# flavor = standalone
|
||||
#
|
||||
[pipeline:heat-api-standalone]
|
||||
pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app
|
||||
pipeline = request_id faultwrap ssl versionnegotiation authurl authpassword context apiv1app
|
||||
|
||||
# heat-api pipeline for custom cloud backends
|
||||
# i.e. in heat.conf:
|
||||
|
|
@ -19,11 +20,11 @@ pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1ap
|
|||
# flavor = custombackend
|
||||
#
|
||||
[pipeline:heat-api-custombackend]
|
||||
pipeline = faultwrap versionnegotiation context custombackendauth apiv1app
|
||||
pipeline = request_id faultwrap versionnegotiation context custombackendauth apiv1app
|
||||
|
||||
# heat-api-cfn pipeline
|
||||
[pipeline:heat-api-cfn]
|
||||
pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app
|
||||
pipeline = cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
|
||||
|
||||
# heat-api-cfn pipeline for standalone heat
|
||||
# relies exclusively on authenticating with ec2 signed requests
|
||||
|
|
@ -32,7 +33,7 @@ pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app
|
|||
|
||||
# heat-api-cloudwatch pipeline
|
||||
[pipeline:heat-api-cloudwatch]
|
||||
pipeline = versionnegotiation ec2authtoken authtoken context apicwapp
|
||||
pipeline = versionnegotiation osprofiler ec2authtoken authtoken context apicwapp
|
||||
|
||||
# heat-api-cloudwatch pipeline for standalone heat
|
||||
# relies exclusively on authenticating with ec2 signed requests
|
||||
|
|
@ -92,3 +93,12 @@ paste.filter_factory = heat.common.auth_password:filter_factory
|
|||
# Auth middleware that validates against custom backend
|
||||
[filter:custombackendauth]
|
||||
paste.filter_factory = heat.common.custom_backend_auth:filter_factory
|
||||
|
||||
# Middleware to set x-openstack-request-id in http response header
|
||||
[filter:request_id]
|
||||
paste.filter_factory = oslo.middleware.request_id:RequestId.factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = SECRET_KEY
|
||||
enabled = yes
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
"cloudformation:DescribeStacks": "rule:deny_stack_user",
|
||||
"cloudformation:DeleteStack": "rule:deny_stack_user",
|
||||
"cloudformation:UpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
|
||||
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:GetTemplate": "rule:deny_stack_user",
|
||||
|
|
@ -50,7 +51,13 @@
|
|||
"stacks:show": "rule:deny_stack_user",
|
||||
"stacks:template": "rule:deny_stack_user",
|
||||
"stacks:update": "rule:deny_stack_user",
|
||||
"stacks:update_patch": "rule:deny_stack_user",
|
||||
"stacks:validate_template": "rule:deny_stack_user",
|
||||
"stacks:snapshot": "rule:deny_stack_user",
|
||||
"stacks:show_snapshot": "rule:deny_stack_user",
|
||||
"stacks:delete_snapshot": "rule:deny_stack_user",
|
||||
"stacks:list_snapshots": "rule:deny_stack_user",
|
||||
"stacks:restore_snapshot": "rule:deny_stack_user",
|
||||
|
||||
"software_configs:create": "rule:deny_stack_user",
|
||||
"software_configs:show": "rule:deny_stack_user",
|
||||
|
|
@ -60,5 +67,7 @@
|
|||
"software_deployments:show": "rule:deny_stack_user",
|
||||
"software_deployments:update": "rule:deny_stack_user",
|
||||
"software_deployments:delete": "rule:deny_stack_user",
|
||||
"software_deployments:metadata": ""
|
||||
"software_deployments:metadata": "",
|
||||
|
||||
"service:index": "rule:context_is_admin"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,12 +39,13 @@
|
|||
state: directory
|
||||
owner: "{{ item.owner|default(heat_system_user_name) }}"
|
||||
group: "{{ item.group|default(heat_system_group_name) }}"
|
||||
mode: "{{ item.mode|default('0755') }}"
|
||||
with_items:
|
||||
- { path: "/etc/heat" }
|
||||
- { path: "/etc/heat/environment.d" }
|
||||
- { path: "/etc/heat/templates" }
|
||||
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
|
||||
- { path: "/var/cache/heat" }
|
||||
- { path: "/etc/sudoers.d", owner: "root", group: "root" }
|
||||
- { path: "/var/cache/heat", mode: "0700" }
|
||||
- { path: "{{ heat_system_home_folder }}" }
|
||||
tags:
|
||||
- heat-dirs
|
||||
|
|
|
|||
|
|
@ -19,18 +19,9 @@ heat_watch_server_url = {{ heat_watch_server_url }}
|
|||
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
|
||||
heat_metadata_server_url = {{ heat_metadata_server_url }}
|
||||
|
||||
|
||||
## RPC Backend
|
||||
rpc_backend = {{ heat_rpc_backend }}
|
||||
|
||||
|
||||
## RabbitMQ
|
||||
rabbit_port = {{ rabbitmq_port }}
|
||||
rabbit_userid = {{ rabbitmq_userid }}
|
||||
rabbit_password = {{ rabbitmq_password }}
|
||||
rabbit_hosts = {{ rabbitmq_servers }}
|
||||
|
||||
|
||||
## Plugin dirs
|
||||
plugin_dirs = {{ heat_plugin_dirs | join(',') }}
|
||||
|
||||
|
|
@ -80,6 +71,14 @@ bind_port = {{ heat_cfn_service_port }}
|
|||
[heat_api_cloudwatch]
|
||||
bind_port = {{ heat_watch_port }}
|
||||
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_port = {{ rabbitmq_port }}
|
||||
rabbit_userid = {{ rabbitmq_userid }}
|
||||
rabbit_password = {{ rabbitmq_password }}
|
||||
rabbit_hosts = {{ rabbitmq_servers }}
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
signing_dir = /var/cache/heat
|
||||
identity_uri = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue