Merge "Configure domain and Heat roles"

Jenkins 2016-11-24 02:56:15 +00:00 committed by Gerrit Code Review
commit d1e7a53c08
3 changed files with 42 additions and 1 deletions


@ -10,6 +10,12 @@ configs:
user: heat user: heat
password: password password: password
domain:
password: password
# it is strongly recommended don't change this value
name: heat
# it is strongly recommended don't change this value
user: heat_domain_admin
debug: false debug: false
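Review bot: The new `domain.password` default is the literal string `password`, and in this commit that value becomes the credential of `heat_domain_admin`, which is granted the `admin` role on the heat domain. A deployment that does not override the default ends up with a guessable domain-admin account, so the key should carry a comment such as `# placeholder for development only; override in every real deployment`. The two added comments on `name` and `user` say the values should not be changed but give no reason; something like `# must match the domain and user created by the heat bootstrap jobs` would tell an operator what breaks if they do.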


@ -5,6 +5,9 @@ use_stderr = True
use_forwarded_for = True use_forwarded_for = True
region_name_for_services = RegionOne region_name_for_services = RegionOne
rpc_backend = rabbit rpc_backend = rabbit
stack_domain_admin = {{ heat.domain.user }}
stack_domain_admin_password = {{ heat.domain.password }}
stack_user_domain_name = {{ heat.domain.name }}
[clients] [clients]
endpoint_type = internalURL endpoint_type = internalURL
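Review bot: `stack_domain_admin_password = {{ heat.domain.password }}` writes the secret into the rendered file verbatim, and oslo.config applies `$name` substitution to option values, so a password containing `$` would likely be rewritten or rejected at load time unless it is written as `$$`. A comment above the three new options would make that restriction visible, for example `# values are substituted as-is; a literal "$" in the password must be written "$$"`. The rendered file now holds a second plaintext admin credential, and its ownership and mode are not visible in this hunk, so it is worth confirming that it is readable only by the heat service user.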


@ -33,7 +33,7 @@ service:
type: single type: single
command: command:
openstack user create --domain default --password {{ heat.password }} {{ heat.user }} openstack user create --domain default --password {{ heat.password }} {{ heat.user }}
- name: heat-role-add - name: heat-admin-role-add
dependencies: dependencies:
- heat-user-create - heat-user-create
type: single type: single
@ -63,6 +63,38 @@ service:
type: single type: single
command: command:
openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
# Orchestration requires additional information in the Identity service to manage stacks.
# For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
- name: keystone-create-heat-domain
type: single
command:
openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }}
- name: heat-domain-admin-user-create
type: single
command:
openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }} {{ heat.domain.user }}
dependencies:
- keystone-create-heat-domain
- name: grant-doman-user-admin-privileges
type: single
command:
openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin
dependencies:
- heat-domain-admin-user-create
# You must add the heat_stack_owner role to each user that manages stacks after addinf new users.
- name: heat-stack-owner-role-create
type: single
command:
openstack role create heat_stack_owner
dependencies:
- grant-doman-user-admin-privileges
# The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment.
- name: heat-stack-user-role-create
type: single
command:
openstack role create heat_stack_user
dependencies:
- grant-doman-user-admin-privileges
daemon: daemon:
dependencies: dependencies:
- rabbitmq - rabbitmq
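Review bot: In `heat-domain-admin-user-create` the password is expanded unquoted into the command line, `--password {{ heat.domain.password }}`. If the command is run through a shell, a value with spaces or shell metacharacters is split or interpreted, and the secret is also exposed in the process list and in any job log that echoes the command. At minimum quote the expansions, `--password '{{ heat.domain.password }}' '{{ heat.domain.user }}'`, and document that the value must not contain a single quote; the unchanged `heat-user-create` line above has the same pattern. The job name `grant-doman-user-admin-privileges` is misspelled (`doman`) and is repeated in the `dependencies` of three other jobs, so a rename to `grant-domain-user-admin-privileges` has to change all four places together.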