Create the heat_stack_user/owner role in the heat role

Change-Id: I78ce0071474fc693aa2a05397b2a9b5974266cd9 Partial-bug: #1609814
2016-08-04 16:35:23 +02:00 · 2016-08-04 16:35:23 +02:00 · bcff0f8a9a
parent 0ae470447d
commit bcff0f8a9a
4 changed files with 30 additions and 2 deletions
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@ -37,5 +37,7 @@ heat_cfn_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{
 heat_logging_debug: "{{ openstack_logging_debug }}"

 heat_keystone_user: "heat"
+heat_stack_user_role: "heat_stack_user"
+heat_stack_owner_role: "heat_stack_owner"

 openstack_heat_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@ -41,3 +41,29 @@
  retries: 10
  delay: 5
  run_once: True
+
+- name: Creating the heat_stack_user role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m os_keystone_role
+    -a "name={{ heat_stack_user_role }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}"
+  register: heat_stack_user_role_result
+  changed_when: "{{ heat_stack_user_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_user_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_stack_user_result.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the heat_stack_owner role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m os_keystone_role
+    -a "name={{ heat_stack_owner_role }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}"
+  register: heat_stack_owner_role_result
+  changed_when: "{{ heat_stack_owner_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_owner_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_stack_owner_result.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@ -7,6 +7,8 @@ heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ hea
 heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}
 heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1/waitcondition

+heat_stack_user_role = {{ heat_stack_user_role }}
+
 stack_domain_admin = heat_domain_admin
 stack_domain_admin_password = {{ heat_domain_admin_password }}
 stack_user_domain_name = heat_user_domain
--- a/docker/heat/heat-api/extend_start.sh
+++ b/docker/heat/heat-api/extend_start.sh
@ -10,8 +10,6 @@ if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
        openstack domain create heat_user_domain
        openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
        openstack role add --domain heat_user_domain --user-domain heat_user_domain --user heat_domain_admin admin
-        openstack role create heat_stack_owner
-        openstack role create heat_stack_user
    fi
    exit 0
 fi