Add applicationcredential to heat
Change-Id: Ida562bed731baa06289c9dbaeef843c4df81cdf8
This commit is contained in:
okozachenko
@@ -44,6 +44,13 @@ function kubernetes_rollout_restart {
|
|||||||
kubectl rollout restart $resource
|
kubectl rollout restart $resource
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function kubernetes_ensure_resource {
|
||||||
|
local resource="$1"
|
||||||
|
for i in {1..60}; do
|
||||||
|
kubectl get $resource && break || sleep 3;
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
function proxy_pass_to_kubernetes {
|
function proxy_pass_to_kubernetes {
|
||||||
local url=$1
|
local url=$1
|
||||||
local svc=$2
|
local svc=$2
|
||||||
|
|||||||
@@ -139,17 +139,21 @@ function configure_heat {
|
|||||||
iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
|
iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
kubernetes_ensure_resource secret/heat-application-credential
|
||||||
configure_auth_token_middleware $HEAT_CONF heat
|
export HEAT_APPLICATION_CREDENTIAL_SECRET=$(get_data_from_secret heat-application-credential openstack secret)
|
||||||
|
export HEAT_APPLICATION_CREDENTIAL_ID=$(get_data_from_secret heat-application-credential openstack id)
|
||||||
|
iniset $HEAT_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
|
||||||
|
iniset $HEAT_CONF keystone_authtoken auth_type v3applicationcredential
|
||||||
|
iniset $HEAT_CONF keystone_authtoken application_credential_id $HEAT_APPLICATION_CREDENTIAL_ID
|
||||||
|
iniset $HEAT_CONF keystone_authtoken application_credential_secret $HEAT_APPLICATION_CREDENTIAL_SECRET
|
||||||
|
|
||||||
# If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure
|
# If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure
|
||||||
# the section for the client plugin associated with the trustee
|
# the section for the client plugin associated with the trustee
|
||||||
if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
|
if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
|
||||||
iniset $HEAT_CONF trustee auth_type password
|
iniset $HEAT_CONF trustee auth_type v3applicationcredential
|
||||||
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI_V3
|
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI_V3
|
||||||
iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER
|
iniset $HEAT_CONF trustee application_credential_id $HEAT_APPLICATION_CREDENTIAL_ID
|
||||||
iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD
|
iniset $HEAT_CONF trustee application_credential_secret $HEAT_APPLICATION_CREDENTIAL_SECRET
|
||||||
iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# clients_keystone
|
# clients_keystone
|
||||||
@@ -261,14 +265,6 @@ function stop_heat {
|
|||||||
function create_heat_accounts {
|
function create_heat_accounts {
|
||||||
if [[ "$HEAT_STANDALONE" != "True" ]]; then
|
if [[ "$HEAT_STANDALONE" != "True" ]]; then
|
||||||
|
|
||||||
local heat_api_service_url
|
|
||||||
local heat_cfn_api_service_url
|
|
||||||
|
|
||||||
heat_api_service_url="$SERVICE_PROTOCOL://$HEAT_API_HOST/heat-api/v1/\$(project_id)s"
|
|
||||||
heat_cfn_api_service_url="$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST/heat-api-cfn/v1"
|
|
||||||
|
|
||||||
create_service_user "heat" "admin"
|
|
||||||
|
|
||||||
# heat_stack_user role is for users created by Heat
|
# heat_stack_user role is for users created by Heat
|
||||||
get_or_create_role "heat_stack_user"
|
get_or_create_role "heat_stack_user"
|
||||||
fi
|
fi
|
||||||
@@ -316,6 +312,7 @@ function configure_tempest_for_heat {
|
|||||||
source $TOP_DIR/openrc admin admin
|
source $TOP_DIR/openrc admin admin
|
||||||
iniset $TEMPEST_CONFIG heat_plugin admin_username $OS_USERNAME
|
iniset $TEMPEST_CONFIG heat_plugin admin_username $OS_USERNAME
|
||||||
iniset $TEMPEST_CONFIG heat_plugin admin_password $OS_PASSWORD
|
iniset $TEMPEST_CONFIG heat_plugin admin_password $OS_PASSWORD
|
||||||
|
|
||||||
if [[ -e /etc/ci/mirror_info.sh ]]; then
|
if [[ -e /etc/ci/mirror_info.sh ]]; then
|
||||||
source /etc/ci/mirror_info.sh
|
source /etc/ci/mirror_info.sh
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -70,6 +70,9 @@ def create_or_resume(name, spec, **_):
|
|||||||
api_url = spec["ingress"]["host"]["api"]
|
api_url = spec["ingress"]["host"]["api"]
|
||||||
cfn_url = spec["ingress"]["host"]["api-cfn"]
|
cfn_url = spec["ingress"]["host"]["api-cfn"]
|
||||||
|
|
||||||
|
# Create application credential
|
||||||
|
identity.ensure_application_credential(name="heat")
|
||||||
|
|
||||||
# Create service and endpoints
|
# Create service and endpoints
|
||||||
identity.ensure_service(name="heat-api", service_type="orchestration",
|
identity.ensure_service(name="heat-api", service_type="orchestration",
|
||||||
url=api_url, path="/v1/$(project_id)s",
|
url=api_url, path="/v1/$(project_id)s",
|
||||||
|
|||||||
@@ -19,6 +19,11 @@
|
|||||||
- name: controller
|
- name: controller
|
||||||
label: ubuntu-bionic-expanded-vexxhost
|
label: ubuntu-bionic-expanded-vexxhost
|
||||||
vars:
|
vars:
|
||||||
|
devstack_local_conf:
|
||||||
|
test-config:
|
||||||
|
$TEMPEST_CONFIG:
|
||||||
|
identity-feature-enabled:
|
||||||
|
application_credentials: true
|
||||||
devstack_services:
|
devstack_services:
|
||||||
etcd3: false
|
etcd3: false
|
||||||
horizon: true
|
horizon: true
|
||||||
|
|||||||
Reference in New Issue
Block a user