From bcff0f8a9a635854b2056bfbbecd659757a2cd16 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Thu, 4 Aug 2016 16:35:23 +0200 Subject: [PATCH] Create the heat_stack_user/owner role in the heat role Change-Id: I78ce0071474fc693aa2a05397b2a9b5974266cd9 Partial-bug: #1609814 --- ansible/roles/heat/defaults/main.yml | 2 ++ ansible/roles/heat/tasks/register.yml | 26 +++++++++++++++++++++++ ansible/roles/heat/templates/heat.conf.j2 | 2 ++ docker/heat/heat-api/extend_start.sh | 2 -- 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index 9ceb0a59f6..5b6999cdec 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml @@ -37,5 +37,7 @@ heat_cfn_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_logging_debug: "{{ openstack_logging_debug }}" heat_keystone_user: "heat" +heat_stack_user_role: "heat_stack_user" +heat_stack_owner_role: "heat_stack_owner" openstack_heat_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml index e5e595c53c..60112159c7 100644 --- a/ansible/roles/heat/tasks/register.yml +++ b/ansible/roles/heat/tasks/register.yml 
@@ -41,3 +41,29 @@ retries: 10 delay: 5 run_once: True + +- name: Creating the heat_stack_user role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m os_keystone_role + -a "name={{ heat_stack_user_role }} + auth={{ '{{ openstack_heat_auth }}' }}" + -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}" + register: heat_stack_user_role_result + changed_when: "{{ heat_stack_user_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_user_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: heat_stack_user_result.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + +- name: Creating the heat_stack_owner role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m os_keystone_role + -a "name={{ heat_stack_owner_role }} + auth={{ '{{ openstack_heat_auth }}' }}" + -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}" + register: heat_stack_owner_role_result + changed_when: "{{ heat_stack_owner_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_owner_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: heat_stack_owner_result.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 8f7b0529e8..fdc624edd7 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -7,6 +7,8 @@ heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ hea heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }} heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1/waitcondition +heat_stack_user_role = {{ heat_stack_user_role }} + stack_domain_admin = heat_domain_admin stack_domain_admin_password = {{ heat_domain_admin_password }} stack_user_domain_name = heat_user_domain 
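Review bot: Both new tasks in register.yml register one variable and then read another: `register: heat_stack_user_role_result` (and `heat_stack_owner_role_result`) is never referenced, while `changed_when` and `until` read `heat_stack_user_result` / `heat_stack_owner_result`, which nothing in this hunk defines, so the success check and retry loop cannot evaluate as intended. The `until` expression also calls `.split()` on the registered result itself rather than on its `.stdout`, and the `-e` argument defines `openstack_horizon_auth` although the inner `auth=` template expands `openstack_heat_auth`, which looks like a copy-paste leftover from another role. For the first task I would use `register: heat_stack_user_result`, `until: heat_stack_user_result.stdout.split()[2] == 'SUCCESS'` and `-e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"`, with the same three changes in the owner task. Because `openstack_heat_auth` carries the Keystone password on the `docker exec` command line, consider setting `no_log: True` on these tasks so the credential does not end up in Ansible output.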
diff --git a/docker/heat/heat-api/extend_start.sh b/docker/heat/heat-api/extend_start.sh index 59c7a3ab77..be87c09235 100644 --- a/docker/heat/heat-api/extend_start.sh +++ b/docker/heat/heat-api/extend_start.sh @@ -10,8 +10,6 @@ if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then openstack domain create heat_user_domain openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD} openstack role add --domain heat_user_domain --user-domain heat_user_domain --user heat_domain_admin admin - openstack role create heat_stack_owner - openstack role create heat_stack_user fi exit 0 fi