dsl_version: 0.1.0 service: name: heat-api ports: - {{ heat.api_port }} containers: - name: heat-api image: heat-api pre: - name: heat-db-create dependencies: - {{ service.database }} type: single command: mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ heat.db.name }}; create user '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}' {% if percona.tls.enabled %} require ssl {% endif %}; grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}' {% if percona.tls.enabled %} require ssl {% endif %};" - name: heat-db-sync files: - heat-conf dependencies: - heat-db-create type: single command: heat-manage db_sync - name: heat-user-create dependencies: - keystone-create-domain type: single command: openstack user create --domain {{ service_account.domain }} --password {{ heat.password }} {{ heat.user }} - name: heat-admin-role-add dependencies: - heat-user-create type: single command: openstack role add --domain {{ service_account.domain }} --user {{ heat.user }} admin - name: heat-service-create dependencies: - keystone type: single command: openstack service create --name heat --description "OpenStack orchestration service" orchestration - name: heat-public-endpoint-create dependencies: - heat-service-create type: single command: openstack endpoint create --region RegionOne orchestration public {{ address('heat-api', heat.api_port, external=True, with_scheme=True) }}/v1/%\(tenant_id\)s - name: heat-internal-endpoint-create dependencies: - heat-service-create type: single command: openstack endpoint create --region RegionOne orchestration internal {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s - name: heat-admin-endpoint-create dependencies: - heat-service-create type: single command: openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s # Orchestration requires additional information in the Identity service to manage stacks. # For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html - name: heat-create-domain type: single command: openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }} dependencies: - keystone - name: heat-domain-admin-user-create type: single command: openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }} {{ heat.domain.user }} dependencies: - heat-create-domain - name: heat-grant-doman-user-admin-privileges type: single command: openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin dependencies: - heat-domain-admin-user-create # You must add the heat_stack_owner role to each user that manages stacks after addinf new users. - name: heat-stack-owner-role-create type: single command: openstack role create heat_stack_owner dependencies: - heat-grant-doman-user-admin-privileges # The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment. - name: heat-stack-user-role-create type: single command: openstack role create heat_stack_user dependencies: - heat-grant-doman-user-admin-privileges daemon: dependencies: - "{{ messaging.dependencies[messaging.backend.rpc] }}" files: - heat-conf command: heat-api --config-file /etc/heat/heat.conf files: heat-conf: path: /etc/heat/heat.conf content: heat.conf.j2