
Merge "Configure domain and Heat roles"

changes/38/401138/3
Jenkins 2 years ago
parent
commit
d1e7a53c08
3 changed files with 42 additions and 1 deletions
  1. 6
    0
      service/files/defaults.yaml
  2. 3
    0
      service/files/heat.conf.j2
  3. 33
    1
      service/heat-api.yaml

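--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@@ -10,6 +10,12 @@ configs:
 
     user: heat
     password: password
+    domain:
+      password: password
+      # it is strongly recommended don't change this value
+      name: heat
+      # it is strongly recommended don't change this value
+      user: heat_domain_admin
 
     debug: false
 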
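Review bot: The new `domain.password` default is the literal `password`, and this is the account the commit grants `admin` on the Heat domain, so a deployment that keeps the defaults ends up with a guessable domain-admin credential. The two comments warn against changing `name` and `user`, but nothing tells the operator that the password is the one value that must be overridden. I would add a comment above it, e.g. `# development default only; override heat.domain.password in the deployment config`, and reword the existing ones to `# changing this value is strongly discouraged`. The `configs:` mapping starts above the hunk, so whether some other mechanism forces an override is not visible here.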

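--- a/service/files/heat.conf.j2
+++ b/service/files/heat.conf.j2
@@ -5,6 +5,9 @@ use_stderr = True
 use_forwarded_for = True
 region_name_for_services = RegionOne
 rpc_backend = rabbit
+stack_domain_admin = {{ heat.domain.user }}
+stack_domain_admin_password = {{ heat.domain.password }}
+stack_user_domain_name = {{ heat.domain.name }}
 
 [clients]
 endpoint_type = internalURL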
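Review bot: `stack_domain_admin_password` is rendered into heat.conf in clear text, so the rendered file now holds the credential of an account with `admin` on the Heat domain. The template does not show how the file is installed; it is worth confirming that it is readable only by the Heat service user. The value is also inserted unescaped, so a password containing `$` would presumably be read as an oslo.config substitution unless written as `$$`. A comment above the three options, such as `# rendered from heat.domain.*; a '$' in the password must be escaped as '$$'`, would document that.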

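--- a/service/heat-api.yaml
+++ b/service/heat-api.yaml
@@ -33,7 +33,7 @@ service:
           type: single
           command:
             openstack user create --domain default --password {{ heat.password }} {{ heat.user }}
-        - name: heat-role-add
+        - name: heat-admin-role-add
           dependencies:
             - heat-user-create
           type: single
@@ -63,6 +63,38 @@ service:
           type: single
           command:
             openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
+        # Orchestration requires additional information in the Identity service to manage stacks.
+        # For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
+        - name: keystone-create-heat-domain
+          type: single
+          command:
+            openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }}
+        - name: heat-domain-admin-user-create
+          type: single
+          command:
+            openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }}  {{ heat.domain.user }}
+          dependencies:
+            - keystone-create-heat-domain
+        - name: grant-doman-user-admin-privileges
+          type: single
+          command:
+            openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin
+          dependencies:
+            - heat-domain-admin-user-create
+        # You must add the heat_stack_owner role to each user that manages stacks after addinf new users.
+        - name: heat-stack-owner-role-create
+          type: single
+          command:
+            openstack role create heat_stack_owner
+          dependencies:
+            - grant-doman-user-admin-privileges
+        # The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment.
+        - name: heat-stack-user-role-create
+          type: single
+          command:
+            openstack role create heat_stack_user
+          dependencies:
+            - grant-doman-user-admin-privileges
       daemon:
         dependencies:
           - rabbitmq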
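Review bot: In `heat-domain-admin-user-create` the password is interpolated unquoted into the command line (`--password {{ heat.domain.password }}`), so a value containing whitespace or shell metacharacters changes the command that runs, and the secret is exposed in process arguments and in the rendered job definition. At minimum the templated values should be quoted, e.g. `openstack user create --domain '{{ heat.domain.name }}' --password '{{ heat.domain.password }}' '{{ heat.domain.user }}'`; the same applies to the existing `heat-user-create` command shown as context. How the job runner executes `command` is not visible here, so the exact quoting rules should be confirmed. Separately, the job name `grant-doman-user-admin-privileges` misspells "domain" in its definition and in both `dependencies` entries; it is consistent, so it resolves, but it should read `grant-domain-user-admin-privileges` in all three places.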
