From 57d478d87438912e1a33d4a2d00d4a300148e2fc Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Fri, 28 Feb 2014 16:37:43 +0000 Subject: [PATCH] Move heat keystone setup into lib/heat Move the heat setup which currently happens in files/keystone_data.sh to lib/heat, where we have create_heat_accounts. Move the user, role, service and endpoint creation as that is consistent with what other services, e.g lib/nova are doing. Change-Id: Iaa2c822cad581d6b2b4f22f8863daf81e25f8485 --- files/keystone_data.sh | 35 ---------------------------------- lib/heat | 43 +++++++++++++++++++++++++++++++++++++++++- stack.sh | 3 +-- 3 files changed, 43 insertions(+), 38 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 9a34c7616f..fc1e8136a4 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -53,41 +53,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" | --role ResellerAdmin fi -# Heat -if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then - keystone user-create --name=heat \ - --pass="$SERVICE_PASSWORD" \ - --tenant $SERVICE_TENANT_NAME \ - --email=heat@example.com - keystone user-role-add --tenant $SERVICE_TENANT_NAME \ - --user heat \ - --role service - # heat_stack_user role is for users created by Heat - keystone role-create --name heat_stack_user - if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - keystone service-create \ - --name=heat-cfn \ - --type=cloudformation \ - --description="Heat CloudFormation Service" - keystone endpoint-create \ - --region RegionOne \ - --service heat-cfn \ - --publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ - --adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ - --internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" - keystone service-create \ - --name=heat \ - --type=orchestration \ - --description="Heat Service" - keystone endpoint-create \ - --region RegionOne \ - --service heat \ - --publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ - --adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ - --internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" - fi -fi - # Glance if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then keystone user-create \ diff --git a/lib/heat b/lib/heat index d0c0302016..42d1057cbd 100644 --- a/lib/heat +++ b/lib/heat @@ -197,8 +197,49 @@ function disk_image_create { } # create_heat_accounts() - Set up common required heat accounts -# Note this is in addition to what is in files/keystone_data.sh function create_heat_accounts { + # migrated from files/keystone_data.sh + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") + + HEAT_USER=$(openstack user create \ + heat \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email heat@example.com \ + | grep " id " | get_field 2) + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $HEAT_USER + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then + HEAT_SERVICE=$(openstack service create \ + heat \ + --type=orchestration \ + --description="Heat Orchestration Service" \ + | grep " id " | get_field 2) + openstack endpoint create \ + $HEAT_SERVICE \ + --region RegionOne \ + --publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ + --adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ + --internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" + HEAT_CFN_SERVICE=$(openstack service create \ + heat \ + --type=cloudformation \ + --description="Heat CloudFormation Service" \ + | grep " id " | get_field 2) + openstack endpoint create \ + $HEAT_CFN_SERVICE \ + --region RegionOne \ + --publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ + --adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ + --internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" + fi + + # heat_stack_user role is for users created by Heat + openstack role create heat_stack_user + # Note we have to pass token/endpoint here because the current endpoint and # version negotiation in OSC means just --os-identity-api-version=3 won't work KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" diff --git a/stack.sh b/stack.sh index ccd567e0bc..ec8de2d2dd 100755 --- a/stack.sh +++ b/stack.sh @@ -934,8 +934,7 @@ if is_service_enabled key; then ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \ SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \ S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \ - DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES HEAT_API_CFN_PORT=$HEAT_API_CFN_PORT \ - HEAT_API_PORT=$HEAT_API_PORT \ + DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \ bash -x $FILES/keystone_data.sh # Set up auth creds now that keystone is bootstrapped