aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/openstack_newton_xenial/roles/heat
diff options
context:
space:
mode:
authorliyuenan <liyuenan@huawei.com>2016-10-26 13:55:23 +0800
committerliyuenan <liyuenan@huawei.com>2016-11-09 14:11:48 +0800
commit14c337344987857a4648ff08365b8b128a553ef8 (patch)
treec277582d07b1a9ee65780a49db7071d3c6fb1978 /deploy/adapters/ansible/openstack_newton_xenial/roles/heat
parentdbbb61368932e724f8aae720e1de53ae5c4eebf3 (diff)
Update the API version for Openstack Newton
Use the "keystone-manage bootstrap" command to instead of admin_token. Because the admin_token is treated as a "shared secret" that can be used to bootstrap Keystone through the API. This "token" does not represent a user (it has no identity), and carries no explicit authorization (it effectively bypasses most authorization checks). Use the API v3 to instead of API v2.0. Identity API v3 was established to introduce namespacing for users and projects by using "domains" as a higher-level container for more flexible identity management and fixed a security issue in the v2.0 API (bearer tokens appearing in URLs). JIRA: COMPASS-491 Change-Id: I56182c14b761728c3492b9dd2b05c3b57aa5f35f Signed-off-by: liyuenan <liyuenan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/openstack_newton_xenial/roles/heat')
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml2
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j236
2 files changed, 32 insertions, 6 deletions
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml
index b90e6402..6a0f1c73 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml
@@ -21,7 +21,7 @@
- name: create heat user domain
shell: >
- . /opt/admin-openrc-v3.sh;
+ . /opt/admin-openrc.sh;
openstack domain create --description "Stack projects and users" heat;
openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin;
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin;
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2
index 62df9fd9..72d4b61e 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2
@@ -1,10 +1,13 @@
+{% set memcached_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+
[DEFAULT]
heat_metadata_server_url = http://{{ internal_vip.ip }}:8000
heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition
rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_userid = {{ RABBIT_USER }}
-rabbit_password = {{ RABBIT_PASS }}
log_dir = /var/log/heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = {{ HEAT_PASS }}
@@ -17,12 +20,35 @@ use_db_reconnect = True
pool_timeout = 10
[ec2authtoken]
-auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+auth_uri = http://{{ internal_vip.ip }}:5000
+
+[clients_keystone]
+auth_uri = http://{{ internal_vip.ip }}:35357
[keystone_authtoken]
-auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+memcached_servers = {{ memcached_servers }}
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = heat
+password = {{ HEAT_PASS }}
+
identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = heat
admin_password = {{ HEAT_PASS }}
+[oslo_messaging_rabbit]
+rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+[trustee]
+auth_type = password
+auth_url = http://{{ internal_vip.ip }}:35357
+username = heat
+password = {{ HEAT_PASS }}
+user_domain_name = default