From 1746232d6067088eb2a6bd83eb6e059f28088119 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Tue, 22 Jan 2019 12:53:07 +0400 Subject: Pass domain name properly for heat stack user Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106 Signed-off-by: Michael Polenchuk --- ...003-Define-keystone-domain-for-heat-stack.patch | 11 +++++---- .../0002-Get-domain-id-instead-of-name.patch | 28 ++++++++++++++++++++++ .../cluster/mcp-common-ha/openstack_control.yml.j2 | 2 -- .../mcp-common-noha/openstack_control.yml.j2 | 2 -- mcp/salt-formulas/salt-formula-keystone | 2 +- 5 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 mcp/patches/salt-formula-keystone/0002-Get-domain-id-instead-of-name.patch diff --git a/mcp/patches/reclass-system-salt-model/0003-Define-keystone-domain-for-heat-stack.patch b/mcp/patches/reclass-system-salt-model/0003-Define-keystone-domain-for-heat-stack.patch index 1da54c6ce..645c9bbdb 100644 --- a/mcp/patches/reclass-system-salt-model/0003-Define-keystone-domain-for-heat-stack.patch +++ b/mcp/patches/reclass-system-salt-model/0003-Define-keystone-domain-for-heat-stack.patch @@ -14,7 +14,7 @@ Create domain for heat stack user by keystone state, previously it was doing by heat-keystone-setup-domain script. diff --git a/keystone/client/v3/service/heat.yml b/keystone/client/v3/service/heat.yml -index 6c45bfe2..f1d500c7 100644 +index 6c45bfe2..25d16e18 100644 --- a/keystone/client/v3/service/heat.yml +++ b/keystone/client/v3/service/heat.yml @@ -6,6 +6,9 @@ parameters: @@ -22,23 +22,24 @@ index 6c45bfe2..f1d500c7 100644 resources: v3: + domains: -+ heat_user_domain: ++ heat: + description: 'Contains users and projects created by heat' roles: heat_stack_user: name: heat_stack_user -@@ -21,6 +24,14 @@ parameters: +@@ -21,6 +24,15 @@ parameters: service_admin: name: admin project_id: service + heat_domain_admin: ++ domain_id: heat + password: ${_param:heat_domain_admin_password} + email: ${_param:admin_email} + roles: + heat_stack_admin: + name: admin -+ role_domain_id: heat_user_domain -+ domain_id: heat_user_domain ++ role_domain_id: heat ++ domain_id: heat services: heat: type: orchestration diff --git a/mcp/patches/salt-formula-keystone/0002-Get-domain-id-instead-of-name.patch b/mcp/patches/salt-formula-keystone/0002-Get-domain-id-instead-of-name.patch new file mode 100644 index 000000000..ba7450260 --- /dev/null +++ b/mcp/patches/salt-formula-keystone/0002-Get-domain-id-instead-of-name.patch @@ -0,0 +1,28 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2019 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Michael Polenchuk +Date: Tue, 22 Jan 2019 12:43:12 +0400 +Subject: [PATCH] Get domain id instead of name for user_create + +diff --git a/_states/keystonev3.py b/_states/keystonev3.py +index 2dd651d..46aed30 100644 +--- a/_states/keystonev3.py ++++ b/_states/keystonev3.py +@@ -237,6 +237,11 @@ def user_present(name, cloud_name, password_reset=False, **kwargs): + 'project_get_details', kwargs['default_project_id'], + cloud_name=cloud_name)['project']['id'] + ++ if 'domain_id' in kwargs: ++ kwargs['domain_id'] = _keystonev3_call( ++ 'domain_get_details', kwargs['domain_id'], ++ cloud_name=cloud_name)['domain']['id'] ++ + if not users: + try: + resp = _keystonev3_call( diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 index 9e862febd..0770f5c45 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 @@ -117,8 +117,6 @@ parameters: host: ${_param:openstack_proxy_control_address} port: 8003 protocol: http - stack_domain_admin: - domain: heat_user_domain {%- else %} libvirt: server: diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 index e1ae1e054..d36d5830a 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 @@ -147,8 +147,6 @@ parameters: address: ${_param:single_address} api_cloudwatch: address: ${_param:single_address} - stack_domain_admin: - domain: heat_user_domain mysql: server: version: '5.7' diff --git a/mcp/salt-formulas/salt-formula-keystone b/mcp/salt-formulas/salt-formula-keystone index e2bb1e909..8814da19a 160000 --- a/mcp/salt-formulas/salt-formula-keystone +++ b/mcp/salt-formulas/salt-formula-keystone @@ -1 +1 @@ -Subproject commit e2bb1e90901ae0c9e9e5c14fd9495809cfd47f5d +Subproject commit 8814da19ad8d62d2789f2a90251c9cbcdb005295 -- cgit 1.2.3-korg