summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2016-11-24 02:56:15 +0000
committerGerrit Code Review <review@openstack.org>2016-11-24 02:56:15 +0000
commitd1e7a53c08b0012edff3eff8ebba4aa6ea3ff2d9 (patch)
tree1c4c931fc777f641edef69cfe6a0ee2e5f8a207b
parent5c9de4030b4385ed77817291cede5e72431ab4ca (diff)
parent8a4d4d86b24610b6b69d01f0db7ada80d0f24567 (diff)
Merge "Configure domain and Heat roles"
-rw-r--r--service/files/defaults.yaml6
-rw-r--r--service/files/heat.conf.j23
-rw-r--r--service/heat-api.yaml34
3 files changed, 42 insertions, 1 deletions
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
index 9f59d69..e69b042 100644
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@@ -10,6 +10,12 @@ configs:
10 10
11 user: heat 11 user: heat
12 password: password 12 password: password
13 domain:
14 password: password
15 # it is strongly recommended don't change this value
16 name: heat
17 # it is strongly recommended don't change this value
18 user: heat_domain_admin
13 19
14 debug: false 20 debug: false
15 21
diff --git a/service/files/heat.conf.j2 b/service/files/heat.conf.j2
index c704b36..5a5f07c 100644
--- a/service/files/heat.conf.j2
+++ b/service/files/heat.conf.j2
@@ -5,6 +5,9 @@ use_stderr = True
5use_forwarded_for = True 5use_forwarded_for = True
6region_name_for_services = RegionOne 6region_name_for_services = RegionOne
7rpc_backend = rabbit 7rpc_backend = rabbit
8stack_domain_admin = {{ heat.domain.user }}
9stack_domain_admin_password = {{ heat.domain.password }}
10stack_user_domain_name = {{ heat.domain.name }}
8 11
9[clients] 12[clients]
10endpoint_type = internalURL 13endpoint_type = internalURL
diff --git a/service/heat-api.yaml b/service/heat-api.yaml
index 702e217..bd9af24 100644
--- a/service/heat-api.yaml
+++ b/service/heat-api.yaml
@@ -33,7 +33,7 @@ service:
33 type: single 33 type: single
34 command: 34 command:
35 openstack user create --domain default --password {{ heat.password }} {{ heat.user }} 35 openstack user create --domain default --password {{ heat.password }} {{ heat.user }}
36 - name: heat-role-add 36 - name: heat-admin-role-add
37 dependencies: 37 dependencies:
38 - heat-user-create 38 - heat-user-create
39 type: single 39 type: single
@@ -63,6 +63,38 @@ service:
63 type: single 63 type: single
64 command: 64 command:
65 openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s 65 openstack endpoint create --region RegionOne orchestration admin {{ address('heat-api', heat.api_port, with_scheme=True) }}/v1/%\(tenant_id\)s
66 # Orchestration requires additional information in the Identity service to manage stacks.
67 # For detailed explanation see: http://docs.openstack.org/project-install-guide/orchestration/newton/install-ubuntu.html
68 - name: keystone-create-heat-domain
69 type: single
70 command:
71 openstack domain create --description "Owns users and projects created by heat" {{ heat.domain.name }}
72 - name: heat-domain-admin-user-create
73 type: single
74 command:
75 openstack user create --domain {{ heat.domain.name }} --password {{ heat.domain.password }} {{ heat.domain.user }}
76 dependencies:
77 - keystone-create-heat-domain
78 - name: grant-doman-user-admin-privileges
79 type: single
80 command:
81 openstack role add --domain {{ heat.domain.name }} --user-domain {{ heat.domain.name }} --user {{ heat.domain.user }} admin
82 dependencies:
83 - heat-domain-admin-user-create
84 # You must add the heat_stack_owner role to each user that manages stacks after addinf new users.
85 - name: heat-stack-owner-role-create
86 type: single
87 command:
88 openstack role create heat_stack_owner
89 dependencies:
90 - grant-doman-user-admin-privileges
91 # The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment.
92 - name: heat-stack-user-role-create
93 type: single
94 command:
95 openstack role create heat_stack_user
96 dependencies:
97 - grant-doman-user-admin-privileges
66 daemon: 98 daemon:
67 dependencies: 99 dependencies:
68 - rabbitmq 100 - rabbitmq