a1606f875e
The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment. To avoid conflicts, do not add this role to users with the heat_stack_owner role. Closes-Bug: #1690975 Change-Id: I7a4cb7f4a13de7be4fc9ce9c24057ece6a0ced5c
71 lines
3.0 KiB
YAML
71 lines
3.0 KiB
YAML
---
|
|
- name: Creating the Heat service and endpoint
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_service"
|
|
module_args:
|
|
service_name: "{{ item.service_name }}"
|
|
service_type: "{{ item.service_type }}"
|
|
description: "{{ item.description }}"
|
|
endpoint_region: "{{ openstack_region_name }}"
|
|
url: "{{ item.url }}"
|
|
interface: "{{ item.interface }}"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ '{{ openstack_heat_auth }}' }}"
|
|
module_extra_vars:
|
|
openstack_heat_auth: "{{ openstack_heat_auth }}"
|
|
run_once: True
|
|
with_items:
|
|
- {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'OpenStack Orchestration'}
|
|
- {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'OpenStack Orchestration'}
|
|
- {'interface': 'public', 'url': '{{ heat_public_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'OpenStack Orchestration'}
|
|
- {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'OpenStack CloudFormation'}
|
|
- {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'OpenStack CloudFormation'}
|
|
- {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'OpenStack CloudFormation'}
|
|
|
|
- name: Creating the Heat project, user, and role
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_user"
|
|
module_args:
|
|
project: "service"
|
|
user: "{{ heat_keystone_user }}"
|
|
password: "{{ heat_keystone_password }}"
|
|
role: "admin"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ '{{ openstack_heat_auth }}' }}"
|
|
module_extra_vars:
|
|
openstack_heat_auth: "{{ openstack_heat_auth }}"
|
|
run_once: True
|
|
|
|
- name: Creating the heat_stack_user role
|
|
kolla_toolbox:
|
|
module_name: os_keystone_role
|
|
module_args:
|
|
name: "{{ heat_stack_user_role }}"
|
|
auth: "{{ '{{ openstack_heat_auth }}' }}"
|
|
module_extra_vars:
|
|
openstack_heat_auth: "{{ openstack_heat_auth }}"
|
|
run_once: True
|
|
|
|
- name: Creating the heat_stack_owner role
|
|
kolla_toolbox:
|
|
module_name: os_keystone_role
|
|
module_args:
|
|
name: "{{ heat_stack_owner_role }}"
|
|
auth: "{{ '{{ openstack_heat_auth }}' }}"
|
|
module_extra_vars:
|
|
openstack_heat_auth: "{{ openstack_heat_auth }}"
|
|
run_once: True
|
|
|
|
- name: Add the heat_stack_owner role to the admin project
|
|
kolla_toolbox:
|
|
module_name: "os_user_role"
|
|
module_args:
|
|
project: "{{ openstack_auth.project_name }}"
|
|
user: "{{ openstack_auth.username }}"
|
|
role: "{{ heat_stack_owner_role }}"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ '{{ openstack_heat_auth }}' }}"
|
|
module_extra_vars:
|
|
openstack_heat_auth: "{{ openstack_heat_auth }}"
|
|
run_once: True
|