Move heat keystone setup into lib/heat
Move the heat setup which currently happens in files/keystone_data.sh
to lib/heat, where we have create_heat_accounts.
Move the user, role, service and endpoint creation as that is consistent
with what other services, e.g. lib/nova, are doing.
Change-Id: Iaa2c822cad581d6b2b4f22f8863daf81e25f8485
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 9a34c76..fc1e813 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -53,41 +53,6 @@
--role ResellerAdmin
fi
-# Heat
-if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
- keystone user-create --name=heat \
- --pass="$SERVICE_PASSWORD" \
- --tenant $SERVICE_TENANT_NAME \
- --email=heat@example.com
- keystone user-role-add --tenant $SERVICE_TENANT_NAME \
- --user heat \
- --role service
- # heat_stack_user role is for users created by Heat
- keystone role-create --name heat_stack_user
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- keystone service-create \
- --name=heat-cfn \
- --type=cloudformation \
- --description="Heat CloudFormation Service"
- keystone endpoint-create \
- --region RegionOne \
- --service heat-cfn \
- --publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
- --adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
- --internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
- keystone service-create \
- --name=heat \
- --type=orchestration \
- --description="Heat Service"
- keystone endpoint-create \
- --region RegionOne \
- --service heat \
- --publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- --adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- --internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
- fi
-fi
-
# Glance
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
keystone user-create \
diff --git a/lib/heat b/lib/heat
index d0c0302..42d1057 100644
--- a/lib/heat
+++ b/lib/heat
@@ -197,8 +197,49 @@
}
# create_heat_accounts() - Set up common required heat accounts
-# Note this is in addition to what is in files/keystone_data.sh
function create_heat_accounts {
+ # migrated from files/keystone_data.sh
+ SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+ ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
+
+ HEAT_USER=$(openstack user create \
+ heat \
+ --password "$SERVICE_PASSWORD" \
+ --project $SERVICE_TENANT \
+ --email heat@example.com \
+ | grep " id " | get_field 2)
+ openstack role add \
+ $ADMIN_ROLE \
+ --project $SERVICE_TENANT \
+ --user $HEAT_USER
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ HEAT_SERVICE=$(openstack service create \
+ heat \
+ --type=orchestration \
+ --description="Heat Orchestration Service" \
+ | grep " id " | get_field 2)
+ openstack endpoint create \
+ $HEAT_SERVICE \
+ --region RegionOne \
+ --publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ --adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ --internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
+ HEAT_CFN_SERVICE=$(openstack service create \
+ heat \
+ --type=cloudformation \
+ --description="Heat CloudFormation Service" \
+ | grep " id " | get_field 2)
+ openstack endpoint create \
+ $HEAT_CFN_SERVICE \
+ --region RegionOne \
+ --publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ --adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ --internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
+ fi
+
+ # heat_stack_user role is for users created by Heat
+ openstack role create heat_stack_user
+
# Note we have to pass token/endpoint here because the current endpoint and
# version negotiation in OSC means just --os-identity-api-version=3 won't work
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
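Review bot: The heat service user is now granted the admin role (`openstack role add $ADMIN_ROLE --project $SERVICE_TENANT --user $HEAT_USER`), whereas the block removed from files/keystone_data.sh granted only `--role service`. The commit message describes a pure move, so this privilege increase looks unintended; assuming the `service` role still exists when this function runs, I would keep the narrower role or state the change explicitly in the description. The second `openstack service create` (type `cloudformation`) also registers the name `heat` rather than the previous `heat-cfn`, leaving two catalog entries with the same name; that argument should be `heat-cfn`. `$SERVICE_TENANT`, `$ADMIN_ROLE`, `$HEAT_USER` and the two service ids are expanded unquoted and never checked, so an empty lookup silently shifts the arguments of the next command; quoting them and declaring them `local` would make such a failure visible. create_heat_accounts continues past the end of this hunk.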
diff --git a/stack.sh b/stack.sh
index ccd567e..ec8de2d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -934,8 +934,7 @@
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \
S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \
- DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES HEAT_API_CFN_PORT=$HEAT_API_CFN_PORT \
- HEAT_API_PORT=$HEAT_API_PORT \
+ DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
bash -x $FILES/keystone_data.sh
# Set up auth creds now that keystone is bootstrapped