Add informations about heat identity domains

The use of identity domains with Heat enables better segmentation of the users within heat. Change-Id: I1e04adeeb40424533afbca190cd50346a4b4dcac Closes-Bug: #1417260
2015-03-23 10:45:25 +01:00 · 2015-03-23 10:45:25 +01:00 · e15ff12aa1
commit e15ff12aa1
parent 8e54ca7047
2 changed files with 25 additions and 0 deletions
--- a/doc/install-guide/section_basics-security.xml
+++ b/doc/install-guide/section_basics-security.xml
@ -100,6 +100,10 @@
         <td><literal><replaceable>HEAT_PASS</replaceable></literal></td>
         <td>Password of Orchestration service user <literal>heat</literal></td>
       </tr>
+       <tr>
+         <td><literal><replaceable>HEAT_DOMAIN_PASS</replaceable></literal></td>
+         <td>Password of Orchestration domain</td>
+       </tr>
       <tr>
         <td><literal><replaceable>CEILOMETER_DBPASS</replaceable></literal></td>
         <td>Database password for the Telemetry service</td>
--- a/doc/install-guide/section_heat-install.xml
+++ b/doc/install-guide/section_heat-install.xml
@ -73,6 +73,15 @@
          <para>Create the <literal>heat_stack_owner</literal> role:</para>
          <screen><prompt>$</prompt> <userinput>keystone role-create --name heat_stack_owner</userinput></screen>
        </step>
+        <step>
+          <para>Create the heat domain in Identity service:</para>
+          <screen><prompt>$</prompt> <userinput>heat-keystone-setup-domain \
+                  --stack-user-domain-name heat_user_domain \
+                  --stack-domain-admin heat_domain_admin \
+                  --stack-domain-admin-password <replaceable>HEAT_DOMAIN_PASS</replaceable></userinput></screen>
+          <para>Replace <replaceable>HEAT_DOMAIN_PASS</replaceable> with a suitable
+            password.</para>
+        </step>
        <step>
          <para>Add the <literal>heat_stack_owner</literal> role to the
            <literal>demo</literal> tenant and user:</para>
@ -226,6 +235,18 @@ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlistin
 heat_metadata_server_url = http://<replaceable>controller</replaceable>:8000
 heat_waitcondition_server_url = http://<replaceable>controller</replaceable>:8000/v1/waitcondition</programlisting>
        </step>
+        <step>
+          <para>In the <literal>[DEFAULT]</literal> section, configure
+            information about the heat Identity service domain:</para>
+          <programlisting language="ini">[DEFAULT]
+...
+stack_domain_admin = heat_domain_admin
+stack_domain_admin_password = <replaceable>HEAT_DOMAIN_PASS</replaceable>
+stack_user_domain_name = heat_user_domain</programlisting>
+          <para>Replace <replaceable>HEAT_DOMAIN_PASS</replaceable> with the
+            password you chose for the admin user of the
+            <literal>heat</literal> user domain in the Identity service.</para>
+        </step>
        <step>
          <para>(Optional) To assist with troubleshooting, enable verbose
            logging in the <literal>[DEFAULT]</literal> section:</para>