From bcff0f8a9a635854b2056bfbbecd659757a2cd16 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@betacloud-solutions.de>
Date: Thu, 4 Aug 2016 16:35:23 +0200
Subject: [PATCH] Create the heat_stack_user/owner role in the heat role

Change-Id: I78ce0071474fc693aa2a05397b2a9b5974266cd9
Partial-bug: #1609814
---
 ansible/roles/heat/defaults/main.yml      |  2 ++
 ansible/roles/heat/tasks/register.yml     | 26 +++++++++++++++++++++++
 ansible/roles/heat/templates/heat.conf.j2 |  2 ++
 docker/heat/heat-api/extend_start.sh      |  2 --
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml
index 9ceb0a59f6..5b6999cdec 100644
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@@ -37,5 +37,7 @@ heat_cfn_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{
 heat_logging_debug: "{{ openstack_logging_debug }}"
 
 heat_keystone_user: "heat"
+heat_stack_user_role: "heat_stack_user"
+heat_stack_owner_role: "heat_stack_owner"
 
 openstack_heat_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml
index e5e595c53c..60112159c7 100644
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@@ -41,3 +41,29 @@
   retries: 10
   delay: 5
   run_once: True
+
+- name: Creating the heat_stack_user role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m os_keystone_role
+    -a "name={{ heat_stack_user_role }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}"
+  register: heat_stack_user_role_result
+  changed_when: "{{ heat_stack_user_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_user_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_stack_user_result.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the heat_stack_owner role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m os_keystone_role
+    -a "name={{ heat_stack_owner_role }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_horizon_auth':{{ openstack_heat_auth }}}"
+  register: heat_stack_owner_role_result
+  changed_when: "{{ heat_stack_owner_result.stdout.find('localhost | SUCCESS => ') != -1 and (heat_stack_owner_result.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_stack_owner_result.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
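Review bot: Both new tasks register one variable and read another: `register: heat_stack_user_role_result` (and `heat_stack_owner_role_result`) is never referenced, while `changed_when` and `until` read `heat_stack_user_result` / `heat_stack_owner_result`, which nothing in this hunk defines, so the conditions cannot evaluate; registering as `heat_stack_user_result` and `heat_stack_owner_result` would line them up. The `until` lines also call `.split()` on the registered result itself rather than on its output and should read `until: heat_stack_user_result.stdout.split()[2] == 'SUCCESS'` (likewise for the owner task). The extra-vars argument passes `openstack_horizon_auth`, but the inner `auth={{ '{{ openstack_heat_auth }}' }}` is resolved inside the toolbox under the name `openstack_heat_auth`, which looks like a copy from another role; it should be `-e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"`. Because that argument expands the Keystone password from `openstack_heat_auth` onto the `docker exec` command line, it ends up in the task's logged command and is visible in the host process list while the command runs; setting `no_log: True` on both tasks would at least keep it out of Ansible output.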
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 8f7b0529e8..fdc624edd7 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -7,6 +7,8 @@ heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ hea
 heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}
 heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1/waitcondition
 
+heat_stack_user_role = {{ heat_stack_user_role }}
+
 stack_domain_admin = heat_domain_admin
 stack_domain_admin_password = {{ heat_domain_admin_password }}
 stack_user_domain_name = heat_user_domain
diff --git a/docker/heat/heat-api/extend_start.sh b/docker/heat/heat-api/extend_start.sh
index 59c7a3ab77..be87c09235 100644
--- a/docker/heat/heat-api/extend_start.sh
+++ b/docker/heat/heat-api/extend_start.sh
@@ -10,8 +10,6 @@ if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
         openstack domain create heat_user_domain
         openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
         openstack role add --domain heat_user_domain --user-domain heat_user_domain --user heat_domain_admin admin
-        openstack role create heat_stack_owner
-        openstack role create heat_stack_user
     fi
     exit 0
 fi