Create Heat API CFN endpoint

Create the Heat API CFN endpoint by including the needed puppet class. Previously, we were not creating the endpoint. When using deployed servers where the ctlplane is not routable, you may want to configure Heat polling and signaling over the public endpoints instead of the internal endpoints. In order to do so, endpoints for the CFN service need to be created. Change-Id: Iefa9d5bd3b03eb4812f24be2ca1ad0fa3a157402 Closes-Bug: #1674827
2017-03-21 17:22:40 -04:00 · 2017-03-21 17:22:40 -04:00 · 42d050ae3b
parent 9f23fbda47
commit 42d050ae3b
6 changed files with 28 additions and 3 deletions
--- a/elements/puppet-stack-config/puppet-stack-config.pp
+++ b/elements/puppet-stack-config/puppet-stack-config.pp
@ -312,6 +312,7 @@ include ::keystone::endpoint
 include ::keystone::cors

 include ::heat::keystone::auth
+include ::heat::keystone::auth_cfn
 include ::neutron::keystone::auth
 include ::glance::keystone::auth
 include ::nova::keystone::auth
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@ -171,6 +171,12 @@ heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
 heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
 heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
 heat::keystone::auth::region: "%{hiera('keystone_region')}"
+heat::keystone::auth_cfn::tenant: 'service'
+heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
+heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
+heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
+heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
+heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
 heat::cron::purge_deleted::age: 1
 heat::cron::purge_deleted::age_type: 'days'
 heat::cron::purge_deleted::destination: '/dev/null'
--- a/instack_undercloud/tests/test_undercloud.py
+++ b/instack_undercloud/tests/test_undercloud.py
@ -423,7 +423,7 @@ class TestGenerateEnvironment(BaseTestCase):
        env = undercloud._generate_environment('.')
        endpoint_vars = {k: v for (k, v) in env.items()
                         if k.startswith('UNDERCLOUD_ENDPOINT')}
-        self.assertEqual(87, len(endpoint_vars))
+        self.assertEqual(90, len(endpoint_vars))
        # Spot check one service
        self.assertEqual('http://192.168.24.1:5000',
                         env['UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC'])
--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@ -379,6 +379,10 @@ _auth_opts = [
               help=('Heat service password. '
                     'If left unset, one will be automatically generated.')
               ),
+    cfg.StrOpt('undercloud_heat_cfn_password',
+               help=('Heat cfn service password. '
+                     'If left unset, one will be automatically generated.')
+               ),
    cfg.StrOpt('undercloud_neutron_password',
               help=('Neutron service password. '
                     'If left unset, one will be automatically generated.')
@ -743,6 +747,10 @@ def _generate_endpoints(instack_env):
            '%s://%s:%d/v1/%%(tenant_id)s',
            {'host': public_host, 'port': 8004, 'ssl_port': 13004},
            {'host': internal_host, 'port': 8004}),
+        ('heat-cfn',
+            '%s://%s:%d/v1/%%(tenant_id)s',
+            {'host': public_host, 'port': 8000, 'ssl_port': 13800},
+            {'host': internal_host, 'port': 8000}),
        ('heat-ui-proxy',
            '%s://%s:%d',
            {'host': public_host, 'port': 8004, 'ssl_port': 13004},
--- a/releasenotes/notes/create-heat-cfn-endpoint-c7c00e3b61a98b5e.yaml
+++ b/releasenotes/notes/create-heat-cfn-endpoint-c7c00e3b61a98b5e.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The Heat CFN endpoint is now created in Keystone during the undercloud
+    install. A new configuration option, undercloud_heat_cfn_password is added
+    for the heat_cfn service user associated with the endpoint.
--- a/undercloud.conf.sample
+++ b/undercloud.conf.sample
@ -92,8 +92,8 @@

 # Path to hieradata override file. If set, the file will be copied
 # under /etc/puppet/hieradata and set as the first file in the hiera
-# hierarchy. This can be used to custom configure services beyond
-# what undercloud.conf provides (string value)
+# hierarchy. This can be used to custom configure services beyond what
+# undercloud.conf provides (string value)
 #hieradata_override =

 # Path to network config override template. If set, this template will
@ -230,6 +230,10 @@
 # generated. (string value)
 #undercloud_heat_password = <None>

+# Heat cfn service password. If left unset, one will be automatically
+# generated. (string value)
+#undercloud_heat_cfn_password = <None>
+
 # Neutron service password. If left unset, one will be automatically
 # generated. (string value)
 #undercloud_neutron_password = <None>