Use keystone library for heat_stack_domain_admin
The keystone library has been updated to support adding a user to a domain and assigning a role without specifying a project. Use it instead of shelling out to the openstackclient. Backport for change I2659f0496528c29e036c459494a463182e69599d Closes-Bug: 1579612 Depends-On: If515ec94e980365ebd38781498ee541df2f3d431 Change-Id: I79ac6820c03ddbb2df33d123bddfa917613f033d
This commit is contained in:
parent
a9291b9dc0
commit
da8c5e2ec0
|
@ -52,47 +52,38 @@
|
|||
- heat-domain-setup
|
||||
- heat-config
|
||||
|
||||
# TODO Change the keystone library to support adding
|
||||
# a user to a domain without specifying a project
|
||||
- name: Ensure heat user
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
{{ heat_bin }}/openstack \
|
||||
--os-identity-api-version=3 \
|
||||
--os-auth-url={{ keystone_service_adminurl }} \
|
||||
--os-project-name={{ heat_project_name }} \
|
||||
--os-project-domain-name={{ heat_project_domain_name }} \
|
||||
--os-user-domain-name={{ heat_user_domain_name }} \
|
||||
user \
|
||||
create \
|
||||
--or-show \
|
||||
--domain {{ heat_stack_user_domain_name }} \
|
||||
--password {{ heat_stack_domain_admin_password }} \
|
||||
"{{ heat_stack_domain_admin }}"
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- heat-domain
|
||||
- heat-domain-setup
|
||||
- heat-config
|
||||
- heat-command-bin
|
||||
|
||||
|
||||
# TODO Change the keystone library to support adding
|
||||
# a role to a user without specifying a project
|
||||
- name: Assign admin role to heat domain admin user
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
{{ heat_bin }}/openstack \
|
||||
--os-identity-api-version=3 \
|
||||
--os-auth-url={{ keystone_service_adminurl }} \
|
||||
--os-project-name={{ heat_project_name }} \
|
||||
--os-project-domain-name={{ heat_project_domain_name }} \
|
||||
--os-user-domain-name={{ heat_user_domain_name }} \
|
||||
role \
|
||||
add \
|
||||
--user {{ heat_stack_domain_admin }} \
|
||||
--domain {{ heat_stack_user_domain_name }} \
|
||||
--user-domain {{ heat_stack_user_domain_name }} \
|
||||
admin
|
||||
- name: Ensure heat role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
role_name: "admin"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- heat-domain
|
||||
- heat-domain-setup
|
||||
|
|
Loading…
Reference in New Issue