Move heat keystone setup into lib/heat
Move the heat setup which currently happens in files/keystone_data.sh to lib/heat, where we have create_heat_accounts. Move the user, role, service and endpoint creation as that is consistent with what other services, e.g lib/nova are doing. Change-Id: Iaa2c822cad581d6b2b4f22f8863daf81e25f8485
This commit is contained in:
parent
bd9dbef932
commit
57d478d874
@ -53,41 +53,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" |
|
|||||||
--role ResellerAdmin
|
--role ResellerAdmin
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Heat
|
|
||||||
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
|
|
||||||
keystone user-create --name=heat \
|
|
||||||
--pass="$SERVICE_PASSWORD" \
|
|
||||||
--tenant $SERVICE_TENANT_NAME \
|
|
||||||
--email=heat@example.com
|
|
||||||
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
|
|
||||||
--user heat \
|
|
||||||
--role service
|
|
||||||
# heat_stack_user role is for users created by Heat
|
|
||||||
keystone role-create --name heat_stack_user
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
|
||||||
keystone service-create \
|
|
||||||
--name=heat-cfn \
|
|
||||||
--type=cloudformation \
|
|
||||||
--description="Heat CloudFormation Service"
|
|
||||||
keystone endpoint-create \
|
|
||||||
--region RegionOne \
|
|
||||||
--service heat-cfn \
|
|
||||||
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
||||||
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
|
|
||||||
keystone service-create \
|
|
||||||
--name=heat \
|
|
||||||
--type=orchestration \
|
|
||||||
--description="Heat Service"
|
|
||||||
keystone endpoint-create \
|
|
||||||
--region RegionOne \
|
|
||||||
--service heat \
|
|
||||||
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
|
||||||
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Glance
|
# Glance
|
||||||
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
||||||
keystone user-create \
|
keystone user-create \
|
||||||
|
43
lib/heat
43
lib/heat
@ -197,8 +197,49 @@ function disk_image_create {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# create_heat_accounts() - Set up common required heat accounts
|
# create_heat_accounts() - Set up common required heat accounts
|
||||||
# Note this is in addition to what is in files/keystone_data.sh
|
|
||||||
function create_heat_accounts {
|
function create_heat_accounts {
|
||||||
|
# migrated from files/keystone_data.sh
|
||||||
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||||
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
|
HEAT_USER=$(openstack user create \
|
||||||
|
heat \
|
||||||
|
--password "$SERVICE_PASSWORD" \
|
||||||
|
--project $SERVICE_TENANT \
|
||||||
|
--email heat@example.com \
|
||||||
|
| grep " id " | get_field 2)
|
||||||
|
openstack role add \
|
||||||
|
$ADMIN_ROLE \
|
||||||
|
--project $SERVICE_TENANT \
|
||||||
|
--user $HEAT_USER
|
||||||
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
HEAT_SERVICE=$(openstack service create \
|
||||||
|
heat \
|
||||||
|
--type=orchestration \
|
||||||
|
--description="Heat Orchestration Service" \
|
||||||
|
| grep " id " | get_field 2)
|
||||||
|
openstack endpoint create \
|
||||||
|
$HEAT_SERVICE \
|
||||||
|
--region RegionOne \
|
||||||
|
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
|
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
|
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
||||||
|
HEAT_CFN_SERVICE=$(openstack service create \
|
||||||
|
heat \
|
||||||
|
--type=cloudformation \
|
||||||
|
--description="Heat CloudFormation Service" \
|
||||||
|
| grep " id " | get_field 2)
|
||||||
|
openstack endpoint create \
|
||||||
|
$HEAT_CFN_SERVICE \
|
||||||
|
--region RegionOne \
|
||||||
|
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
|
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
|
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# heat_stack_user role is for users created by Heat
|
||||||
|
openstack role create heat_stack_user
|
||||||
|
|
||||||
# Note we have to pass token/endpoint here because the current endpoint and
|
# Note we have to pass token/endpoint here because the current endpoint and
|
||||||
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
||||||
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
|
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
|
||||||
|
3
stack.sh
3
stack.sh
@ -934,8 +934,7 @@ if is_service_enabled key; then
|
|||||||
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
|
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
|
||||||
SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \
|
SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \
|
||||||
S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \
|
S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \
|
||||||
DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES HEAT_API_CFN_PORT=$HEAT_API_CFN_PORT \
|
DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
|
||||||
HEAT_API_PORT=$HEAT_API_PORT \
|
|
||||||
bash -x $FILES/keystone_data.sh
|
bash -x $FILES/keystone_data.sh
|
||||||
|
|
||||||
# Set up auth creds now that keystone is bootstrapped
|
# Set up auth creds now that keystone is bootstrapped
|
||||||
|
Loading…
Reference in New Issue
Block a user