Allow heat-standalone to work with keystone v3

Heat can now run in standalone mode with the default v3 keystone
backend.

This change removes the installation of the v2 contrib backend.
It also configures saner defaults when HEAT_STANDALONE is True.
Using trusts and a stack-domain will never work in standalone mode
since they both require a service user which doesn't exist in
standalone mode.

Finally, this change prevents heat.conf being populated with service user options
not required by standalone mode.

Configuring the v2 backend may be reintroduced later with a dedicated
flag variable.

Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
Steve Baker 2014-12-16 12:00:40 +13:00
parent 5e159edab3
commit 744c2afd6f
2 changed files with 43 additions and 38 deletions


@ -49,13 +49,19 @@ HEAT_CONF_DIR=/etc/heat
HEAT_CONF=$HEAT_CONF_DIR/heat.conf HEAT_CONF=$HEAT_CONF_DIR/heat.conf
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP} HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
HEAT_API_PORT=${HEAT_API_PORT:-8004} HEAT_API_PORT=${HEAT_API_PORT:-8004}
# other default options # other default options
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts} if [[ "$HEAT_STANDALONE" = "True" ]]; then
# for standalone, use defaults which require no service user
HEAT_STACK_DOMAIN=`trueorfalse False $HEAT_STACK_DOMAIN`
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
else
HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
fi
# Tell Tempest this project is present # Tell Tempest this project is present
TEMPEST_SERVICES+=,heat TEMPEST_SERVICES+=,heat
@ -77,13 +83,11 @@ function cleanup_heat {
sudo rm -rf $HEAT_AUTH_CACHE_DIR sudo rm -rf $HEAT_AUTH_CACHE_DIR
sudo rm -rf $HEAT_ENV_DIR sudo rm -rf $HEAT_ENV_DIR
sudo rm -rf $HEAT_TEMPLATES_DIR sudo rm -rf $HEAT_TEMPLATES_DIR
sudo rm -rf $HEAT_CONF_DIR
} }
# configure_heat() - Set config files, create data dirs, etc # configure_heat() - Set config files, create data dirs, etc
function configure_heat { function configure_heat {
if [[ "$HEAT_STANDALONE" = "True" ]]; then
setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2
fi
if [[ ! -d $HEAT_CONF_DIR ]]; then if [[ ! -d $HEAT_CONF_DIR ]]; then
sudo mkdir -p $HEAT_CONF_DIR sudo mkdir -p $HEAT_CONF_DIR
@ -127,24 +131,22 @@ function configure_heat {
# auth plugin setup. This should be fixed in heat. Heat is also the only # auth plugin setup. This should be fixed in heat. Heat is also the only
# service that requires the auth_uri to include a /v2.0. Remove this custom # service that requires the auth_uri to include a /v2.0. Remove this custom
# setup when bug #1300246 is resolved. # setup when bug #1300246 is resolved.
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
iniset $HEAT_CONF keystone_authtoken admin_user heat if [[ "$HEAT_STANDALONE" = "True" ]]; then
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD iniset $HEAT_CONF paste_deploy flavor standalone
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE else
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $HEAT_CONF keystone_authtoken admin_user heat
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
fi
# ec2authtoken # ec2authtoken
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
# paste_deploy
if [[ "$HEAT_STANDALONE" = "True" ]]; then
iniset $HEAT_CONF paste_deploy flavor standalone
iniset $HEAT_CONF DEFAULT keystone_backend heat_keystoneclient_v2.client.KeystoneClientV2
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
fi
# OpenStack API # OpenStack API
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
iniset $HEAT_CONF heat_api workers "$API_WORKERS" iniset $HEAT_CONF heat_api workers "$API_WORKERS"
@ -243,30 +245,33 @@ function stop_heat {
# create_heat_accounts() - Set up common required heat accounts # create_heat_accounts() - Set up common required heat accounts
function create_heat_accounts { function create_heat_accounts {
create_service_user "heat" "admin" if [[ "$HEAT_STANDALONE" != "True" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then create_service_user "heat" "admin"
local heat_service=$(get_or_create_service "heat" \ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
"orchestration" "Heat Orchestration Service")
get_or_create_endpoint $heat_service \
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
local heat_cfn_service=$(get_or_create_service "heat-cfn" \ local heat_service=$(get_or_create_service "heat" \
"cloudformation" "Heat CloudFormation Service") "orchestration" "Heat Orchestration Service")
get_or_create_endpoint $heat_cfn_service \ get_or_create_endpoint $heat_service \
"$REGION_NAME" \ "$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
local heat_cfn_service=$(get_or_create_service "heat-cfn" \
"cloudformation" "Heat CloudFormation Service")
get_or_create_endpoint $heat_cfn_service \
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
fi
# heat_stack_user role is for users created by Heat
get_or_create_role "heat_stack_user"
fi fi
# heat_stack_user role is for users created by Heat
get_or_create_role "heat_stack_user"
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
fi fi
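Review bot: The standalone branch of the defaults block only changes the fallback values, so an explicit `HEAT_DEFERRED_AUTH=trusts` or a true `HEAT_STACK_DOMAIN` from the environment is still honoured when `HEAT_STANDALONE` is True, although the commit message says neither can work without a service user. As rendered, the `deferred_auth_method trusts` iniset in `create_heat_accounts` sits after the closing `fi` of the new standalone guard, so that combination would still be written into heat.conf and presumably fail only at runtime. I would reject it right after the standalone defaults are computed, e.g. `if [[ "$HEAT_DEFERRED_AUTH" == "trusts" || "$HEAT_STACK_DOMAIN" == "True" ]]; then die $LINENO "HEAT_STANDALONE does not support trusts or a stack domain"; fi`. The comment in that branch could also record the trade-off of the new default, e.g. `# password: heat stores the stack owner's credentials for deferred operations`. `create_heat_accounts` continues past the end of its hunk, so anything after the trusts block is not covered here.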


@ -978,7 +978,7 @@ if is_service_enabled keystone; then
create_swift_accounts create_swift_accounts
fi fi
if is_service_enabled heat && [[ "$HEAT_STANDALONE" != "True" ]]; then if is_service_enabled heat; then
create_heat_accounts create_heat_accounts
fi fi