From 8e21cb6530e6e55d8a080887dfbf93f0d07edeb1 Mon Sep 17 00:00:00 2001 From: QiLiang Date: Mon, 29 Aug 2016 14:01:23 +0800 Subject: Add heat user domain configuration FIX Rally heat create_update_delete_stack test case failure for Liberty Ubuntu JIRA: COMPASS-454 Change-Id: Id4538f9caa5b619d66ab8fe97c63b10688ffe104 Signed-off-by: QiLiang --- .../roles/keystone/templates/admin-openrc-v3.sh | 19 --------------- .../roles/keystone/vars/Debian.yml | 21 ---------------- .../roles/keystone/templates/admin-openrc-v3.sh | 19 --------------- .../ansible/roles/heat/tasks/heat_install.yml | 21 ++++++++++++++++ .../ansible/roles/heat/templates/heat_debian.j2 | 28 ++++++++++++++++++++++ .../roles/keystone/tasks/keystone_install.yml | 1 + .../roles/keystone/templates/admin-openrc-v3.sh | 19 +++++++++++++++ .../ansible/roles/keystone/vars/Debian.yml | 1 + 8 files changed, 70 insertions(+), 59 deletions(-) delete mode 100644 deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh delete mode 100644 deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml delete mode 100644 deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/admin-openrc-v3.sh create mode 100644 deploy/adapters/ansible/roles/heat/templates/heat_debian.j2 create mode 100644 deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v3.sh diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh deleted file mode 100644 index c3d863e8..00000000 --- a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# Verify the Identity Service installation -export OS_PASSWORD={{ ADMIN_PASS }} -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 -export OS_IDENTITY_API_VERSION=3 -export OS_USERNAME=admin -export OS_VOLUME_API_VERSION=2 -export OS_USER_DOMAIN_NAME=Default -export OS_PROJECT_DOMAIN_NAME=Default - - diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml deleted file mode 100644 index b8d8e7c2..00000000 --- a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -cron_path: "/var/spool/cron/crontabs" - -packages: - - keystone - - python-openstackclient - -services: - - apache2 - -apache_config_dir: /etc/apache2 -http_service_name: apache2 diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/admin-openrc-v3.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/admin-openrc-v3.sh deleted file mode 100644 index c3d863e8..00000000 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/admin-openrc-v3.sh +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# Verify the Identity Service installation -export OS_PASSWORD={{ ADMIN_PASS }} -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 -export OS_IDENTITY_API_VERSION=3 -export OS_USERNAME=admin -export OS_VOLUME_API_VERSION=2 -export OS_USER_DOMAIN_NAME=Default -export OS_PROJECT_DOMAIN_NAME=Default - - diff --git a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml index 1fbada8c..a6e76c74 100644 --- a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml +++ b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml @@ -17,6 +17,18 @@ lineinfile: dest=/opt/service create=yes line='{{ item }}' with_items: services | union(services_noarch) +# ' + +- name: create heat user domain + shell: > + . /opt/admin-openrc-v3.sh; + openstack domain create --description "Stack projects and users" heat; + openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin; + openstack role add --domain heat --user-domain heat --user heat_domain_admin admin; + openstack role create heat_stack_owner; + openstack role add --project demo --user demo heat_stack_owner; + when: inventory_hostname == groups['controller'][0] and ansible_os_family == "Debian" + - name: update heat conf template: src=heat.j2 dest=/etc/heat/heat.conf @@ -24,4 +36,13 @@ notify: - restart heat service - remove heat-sqlite-db + when: ansible_os_family == "RedHat" +- name: update heat conf + template: src=heat_debian.j2 + dest=/etc/heat/heat.conf + backup=yes + notify: + - restart heat service + - remove heat-sqlite-db + when: ansible_os_family == "Debian" diff --git a/deploy/adapters/ansible/roles/heat/templates/heat_debian.j2 b/deploy/adapters/ansible/roles/heat/templates/heat_debian.j2 new file mode 100644 index 00000000..62df9fd9 --- /dev/null +++ b/deploy/adapters/ansible/roles/heat/templates/heat_debian.j2 @@ -0,0 +1,28 @@ +[DEFAULT] +heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 +heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +log_dir = /var/log/heat +stack_domain_admin = heat_domain_admin +stack_domain_admin_password = {{ HEAT_PASS }} +stack_user_domain_name = heat + +[database] +connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[ec2authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = heat +admin_password = {{ HEAT_PASS }} + diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml index ffae8ff0..ea6926f4 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml @@ -83,5 +83,6 @@ with_items: - admin-openrc.sh - demo-openrc.sh + - admin-openrc-v3.sh - meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v3.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v3.sh new file mode 100644 index 00000000..c3d863e8 --- /dev/null +++ b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v3.sh @@ -0,0 +1,19 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +# Verify the Identity Service installation +export OS_PASSWORD={{ ADMIN_PASS }} +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 +export OS_IDENTITY_API_VERSION=3 +export OS_USERNAME=admin +export OS_VOLUME_API_VERSION=2 +export OS_USER_DOMAIN_NAME=Default +export OS_PROJECT_DOMAIN_NAME=Default + + diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml index 67547277..b8d8e7c2 100644 --- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml +++ b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml @@ -12,6 +12,7 @@ cron_path: "/var/spool/cron/crontabs" packages: - keystone + - python-openstackclient services: - apache2 -- cgit 1.2.3-korg