Add Ansible support for Heat

This changes bootstrapping of the Heat container to bootstrap the Heat container with a heat domain user. This requires some work from bootstrap.yml to pass in several environment variables needed by the heat domain setup script. Co-Authored-By: Sam Yaple <sam@yaple.net> Change-Id: Iab05983754fa514835cb5ff54d775faa18773110 Partially-implements: blueprint ansible-heat
2015-08-02 12:26:30 -07:00 · 2015-08-02 12:26:30 -07:00 · 5e521f0550
commit 5e521f0550
parent 730276aaf9
26 changed files with 415 additions and 23 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -96,6 +96,10 @@ swift_object_server_port: "6000"
 swift_account_server_port: "6001"
 swift_container_server_port: "6002"
 heat_api_port: "8004"
 heat_api_cfn_port: "8000"
 ####################
 # Openstack options
 ####################
@ -133,9 +137,11 @@ enable_rabbitmq: "yes"
 # Additional optional OpenStack services are specified here
 enable_cinder: "no"
 enable_heat: "yes"
 enable_horizon: "yes"
 enable_swift: "no"
 ####################
 # RabbitMQ options
 ####################
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@ -48,6 +48,9 @@ control
 [swift:children]
 control
 [heat:children]
 control
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@ -111,3 +114,13 @@ storage
 [swift-object-server:children]
 storage
 # Heat
 [heat-api:children]
 heat
 [heat-api-cfn:children]
 heat
 [heat-engine:children]
 heat
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@ -9,6 +9,8 @@ control03       ansible_ssh_user=sam
 # The above can also be specified as follows:
 #control[01:03]     ansible_ssh_user=sam
 # The network nodes are where your l3-agent and loadbalancers will run
 # This can be the same as a a host in the control group
 [network]
 network01
@ -54,6 +56,9 @@ control
 [swift:children]
 control
 [heat:children]
 control
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@ -117,3 +122,13 @@ storage
 [swift-object-server:children]
 storage
 # Heat
 [heat-api:children]
 heat
 [heat-api-cfn:children]
 heat
 [heat-engine:children]
 heat
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@ -97,3 +97,15 @@ listen cinder_api
 {% for host in groups['cinder-api'] %}
  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 listen heat_api
  bind {{ kolla_internal_address }}:{{ heat_api_port }}
 {% for host in groups['heat-api'] %}
  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 listen heat_api_cfn
  bind {{ kolla_internal_address }}:{{ heat_api_cfn_port }}
 {% for host in groups['heat-api-cfn'] %}
  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@ -0,0 +1,43 @@
 ---
 project_name: "heat"
 ####################
 # Database
 ####################
 heat_database_name: "heat"
 heat_database_user: "heat"
 heat_database_address: "{{ kolla_internal_address }}"
 ####################
 # Docker
 ####################
 heat_registry_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-registry"
 heat_registry_tag: "{{ openstack_release }}"
 heat_registry_image_full: "{{ heat_registry_image }}:{{ heat_registry_tag }}"
 heat_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-api"
 heat_api_tag: "{{ openstack_release }}"
 heat_api_image_full: "{{ heat_api_image }}:{{ heat_api_tag }}"
 heat_api_cfn_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-api-cfn"
 heat_api_cfn_tag: "{{ openstack_release }}"
 heat_api_cfn_image_full: "{{ heat_api_cfn_image }}:{{ heat_api_cfn_tag }}"
 heat_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-engine"
 heat_engine_tag: "{{ openstack_release }}"
 heat_engine_image_full: "{{ heat_engine_image }}:{{ heat_engine_tag }}"
 ####################
 # Openstack
 ####################
 heat_public_address: "{{ kolla_external_address }}"
 heat_admin_address: "{{ kolla_internal_address }}"
 heat_internal_address: "{{ kolla_internal_address }}"
 heat_logging_verbose: "{{ openstack_logging_verbose }}"
 heat_logging_debug: "{{ openstack_logging_debug }}"
 heat_keystone_user: "heat"
 openstack_heat_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/heat/tasks/bootstrap.yml
+++ b/ansible/roles/heat/tasks/bootstrap.yml
@ -0,0 +1,68 @@
 ---
 - name: Creating Heat database
  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
    -m mysql_db
    -a "login_host='{{ database_address }}'
        login_user='{{ database_user }}'
        login_password='{{ database_password }}'
        name='{{ heat_database_name }}'"
  register: database
  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
  failed_when: database.stdout.split()[2] != 'SUCCESS'
  run_once: True
 - name: Creating Heat database user and setting permissions
  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
    -m mysql_user
    -a "login_host='{{ database_address }}'
        login_user='{{ database_user }}'
        login_password='{{ database_password }}'
        name='{{ heat_database_name }}'
        password='{{ heat_database_password }}'
        host='%'
        priv='{{ heat_database_name }}.*:ALL'
        append_privs='yes'"
  register: database_user
  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
  failed_when: database_user.stdout.split()[2] != 'SUCCESS'
  run_once: True
 - name: Starting Heat bootstrap container
  docker:
    detach: False
    docker_api_version: "{{ docker_api_version }}"
    net: host
    pull: "{{ docker_pull_policy }}"
    restart_policy: "no"
    state: reloaded
    registry: "{{ docker_registry }}"
    username: "{{ docker_registry_username }}"
    password: "{{ docker_registry_password }}"
    insecure_registry: "{{ docker_insecure_registry }}"
    name: bootstrap_heat
    image: "{{ heat_api_image_full }}"
    volumes: "{{ node_config_directory }}/heat-api/:/opt/kolla/heat-api/:ro"
    env:
      KOLLA_BOOTSTRAP:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
      OS_AUTH_URL: "{{ openstack_auth.auth_url }}"
      OS_IDENTITY_API_VERSION: "3"
      OS_USERNAME: "{{ openstack_auth.username }}"
      OS_PASSWORD: "{{ openstack_auth.password }}"
      OS_PROJECT_NAME: "{{ openstack_auth.project_name }}"
      HEAT_DOMAIN_ADMIN_PASSWORD: "{{ heat_domain_admin_password }}"
  run_once: True
  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
 # https://github.com/ansible/ansible-modules-core/pull/1031
 - name: Waiting for bootstrap container to exit
  command: docker wait bootstrap_heat
  run_once: True
  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
 - name: Cleaning up Heat boostrap container
  docker:
    name: bootstrap_heat
    image: "{{ heat_api_image_full }}"
    state: absent
  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
--- a/ansible/roles/heat/tasks/config.yml
+++ b/ansible/roles/heat/tasks/config.yml
@ -0,0 +1,55 @@
 ---
 - include: ../../config.yml
  vars:
    service_name: "heat-engine"
    config_source:
      - "roles/heat/templates/heat.conf.j2"
      - "/etc/kolla/config/global.conf"
      - "/etc/kolla/config/database.conf"
      - "/etc/kolla/config/heat.conf"
      - "/etc/kolla/config/heat/heat-engine.conf"
    config_template_dest:
      - "{{ node_templates_directory }}/heat-engine/heat.conf_minimal"
      - "{{ node_templates_directory }}/heat-engine/heat.conf_global"
      - "{{ node_templates_directory }}/heat-engine/heat.conf_database"
      - "{{ node_templates_directory }}/heat-engine/heat.conf_augment"
      - "{{ node_templates_directory }}/heat-engine/heat-engine.conf_augment"
    config_dest: "{{ node_config_directory }}/heat-engine/heat.conf"
 - include: ../../config.yml
  vars:
    service_name: "heat-api"
    config_source:
      - "roles/heat/templates/heat.conf.j2"
      - "/etc/kolla/config/global.conf"
      - "/etc/kolla/config/database.conf"
      - "/etc/kolla/config/messaging.conf"
      - "/etc/kolla/config/heat.conf"
      - "/etc/kolla/config/heat/heat-api.conf"
    config_template_dest:
      - "{{ node_templates_directory }}/heat-api/heat.conf_minimal"
      - "{{ node_templates_directory }}/heat-api/heat.conf_global"
      - "{{ node_templates_directory }}/heat-api/heat.conf_database"
      - "{{ node_templates_directory }}/heat-api/heat.conf_messaging"
      - "{{ node_templates_directory }}/heat-api/heat.conf_augment"
      - "{{ node_templates_directory }}/heat-api/heat-api.conf_augment"
    config_dest: "{{ node_config_directory }}/heat-api/heat.conf"
 - include: ../../config.yml
  vars:
    service_name: "heat-api-cfn"
    config_source:
      - "roles/heat/templates/heat.conf.j2"
      - "/etc/kolla/config/global.conf"
      - "/etc/kolla/config/database.conf"
      - "/etc/kolla/config/messaging.conf"
      - "/etc/kolla/config/heat.conf"
      - "/etc/kolla/config/heat/heat-api-cfn.conf"
    config_template_dest:
      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_minimal"
      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_global"
      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_database"
      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_messaging"
      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_augment"
      - "{{ node_templates_directory }}/heat-api-cfn/heat-api-cfn.conf_augment"
    config_dest: "{{ node_config_directory }}/heat-api-cfn/heat.conf"
--- a/ansible/roles/heat/tasks/main.yml
+++ b/ansible/roles/heat/tasks/main.yml
@ -0,0 +1,8 @@
 ---
 - include: register.yml
 - include: config.yml
 - include: bootstrap.yml
 - include: start.yml
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@ -0,0 +1,57 @@
 ---
 - name: Creating the Heat service and endpoint
  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
    -m kolla_keystone_service
    -a "service_name=heat
        service_type=orchestration
        description='Openstack Orchestration'
        endpoint_region={{ openstack_region_name }}
        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
        public_url='http://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
  register: heat_endpoint
  changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
  until: heat_endpoint.stdout.split()[2] == 'SUCCESS'
  retries: 10
  delay: 5
  run_once: True
 - name: Creating the Heat-cfn service and endpoint
  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
    -m kolla_keystone_service
    -a "service_name=heat-cfn
        service_type=orchestration
        description='Openstack Orchestration'
        endpoint_region={{ openstack_region_name }}
        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
        public_url='http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
  register: heat_endpoint
  changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
  until: heat_endpoint.stdout.split()[2] == 'SUCCESS'
  retries: 10
  delay: 5
  run_once: True
 - name: Creating the Heat project, user, and role
  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
    -m kolla_keystone_user
    -a "project=service
        user=heat
        password={{ heat_keystone_password }}
        role=admin
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
  register: heat_user
  changed_when: "{{ heat_user.stdout.find('localhost | SUCCESS => ') != -1 and (heat_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
  until: heat_user.stdout.split()[2] == 'SUCCESS'
  retries: 10
  delay: 5
  run_once: True
--- a/ansible/roles/heat/tasks/start.yml
+++ b/ansible/roles/heat/tasks/start.yml
@ -0,0 +1,57 @@
 ---
 - name: Starting heat-api container
  docker:
    docker_api_version: "{{ docker_api_version }}"
    net: host
    pull: "{{ docker_pull_policy }}"
    restart_policy: "{{ docker_restart_policy }}"
    restart_policy_retry: "{{ docker_restart_policy_retry }}"
    state: reloaded
    registry: "{{ docker_registry }}"
    username: "{{ docker_registry_username }}"
    password: "{{ docker_registry_password }}"
    insecure_registry: "{{ docker_insecure_registry }}"
    name: heat_api
    image: "{{ heat_api_image_full }}"
    volumes: "{{ node_config_directory }}/heat-api/:/opt/kolla/heat-api/:ro"
    env:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  when: inventory_hostname in groups['heat-api']
 - name: Starting heat-api-cfn container
  docker:
    docker_api_version: "{{ docker_api_version }}"
    net: host
    pull: "{{ docker_pull_policy }}"
    restart_policy: "{{ docker_restart_policy }}"
    restart_policy_retry: "{{ docker_restart_policy_retry }}"
    state: reloaded
    registry: "{{ docker_registry }}"
    username: "{{ docker_registry_username }}"
    password: "{{ docker_registry_password }}"
    insecure_registry: "{{ docker_insecure_registry }}"
    name: heat_api_cfn
    image: "{{ heat_api_cfn_image_full }}"
    volumes: "{{ node_config_directory }}/heat-api-cfn/:/opt/kolla/heat-api-cfn/:ro"
    env:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  when: inventory_hostname in groups['heat-api-cfn']
 - name: Starting heat-engine container
  docker:
    docker_api_version: "{{ docker_api_version }}"
    net: host
    pull: "{{ docker_pull_policy }}"
    restart_policy: "{{ docker_restart_policy }}"
    restart_policy_retry: "{{ docker_restart_policy_retry }}"
    state: reloaded
    registry: "{{ docker_registry }}"
    username: "{{ docker_registry_username }}"
    password: "{{ docker_registry_password }}"
    insecure_registry: "{{ docker_insecure_registry }}"
    name: heat_engine
    image: "{{ heat_engine_image_full }}"
    volumes: "{{ node_config_directory }}/heat-engine/:/opt/kolla/heat-engine/:ro"
    env:
      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  when: inventory_hostname in groups['heat-engine']
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@ -0,0 +1,45 @@
 [DEFAULT]
 heat_watch_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
 heat_metadata_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
 heat_waitcondition_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition
 stack_domain_admin = heat_domain_admin
 stack_domain_admin_password = {{ heat_domain_admin_password }}
 stack_user_domain_name = heat_user_domain
 rpc_backend = rabbit
 notification_driver = noop
 [oslo_messaging_rabbit]
 rabbit_host = {{ kolla_internal_address }}
 rabbit_userid = {{ rabbitmq_user }}
 rabbit_password = {{ rabbitmq_password }}
 rabbit_ha_queues = true
 {% if service_name == 'heat-api' %}
 [heat_api]
 bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 bind_port = {{ heat_api_port }}
 {% endif %}
 {% if service_name == 'heat-api-cfn' %}
 [heat_api_cfn]
 bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 bind_port = {{ heat_api_cfn_port }}
 {% endif %}
 [database]
 connection = mysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }}
 [keystone_authtoken]
 auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
 auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_plugin = password
 project_domain_id = default
 user_domain_id = default
 project_name = service
 username = heat
 password = {{ heat_keystone_password }}
 [ec2authtoken]
 auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -35,6 +35,10 @@
  roles:
    - { role: cinder, tags: cinder, when: enable_cinder | bool }
 - hosts: [heat-api, heat-api-cfn, heat-engine]
  roles:
    - { role: heat, tags: heat, when: enable_heat | bool }
 - hosts: horizon
  roles:
    - { role: horizon, tags: horizon, when: enable_horizon | bool }
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@ -65,6 +65,7 @@ RUN yum install -y \
        git \
        iproute \
        mariadb-libs \
        MySQL-python \
        openssl \
        openstack-utils \
        pyparsing \
@ -108,6 +109,7 @@ RUN yum install -y \
        python-netifaces \
        python-networkx \
        python-oauthlib \
        python-openstackclient \
        python-oslo-config \
        python-oslo-messaging \
        python-oslo-rootwrap \
@ -173,7 +175,6 @@ RUN yum update -y \
        libxslt-devel \
        mariadb-devel \
        mysql-devel \
        MySQL-python \
        openldap-devel \
        openssl \
        openssl-devel \
@ -210,7 +211,6 @@ RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com 199369E5404BD
        build-essential \
        python-dev \
        libssl-dev \
        python-mysqldb \
        libmariadbclient-dev \
        libxslt1-dev \
        libffi-dev \
@ -228,7 +228,11 @@ RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com 199369E5404BD
 RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
    && python get-pip.py \
-    && rm get-pip.py
+    && rm get-pip.py \
    && pip --no-cache-dir install \
        python-openstackclient \
        MySQL-python \
        numpy
 # Endif for install_type source
 {% endif %}
--- a/docker/designate/designate-base/Dockerfile.j2
+++ b/docker/designate/designate-base/Dockerfile.j2
@ -9,7 +9,6 @@ MAINTAINER Kolla Project (https://launchpad.net.kolla)
 # need the complete policy file because of some of the containers'
 # requiring it. Remove the package when the file is moved though.
 RUN yum install -y \
    MySQL-python \
        openstack-designate-api \
        openstack-designate-common \
        python-tooz \
--- a/docker/heat/heat-api-cfn/Dockerfile.j2
+++ b/docker/heat/heat-api-cfn/Dockerfile.j2
@ -4,9 +4,7 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 {% if install_type == 'binary' %}
    {% if base_distro in ['fedora', 'centos', 'oraclelinux'] %}
-RUN yum -y install \
+RUN yum -y install openstack-heat-api-cfn \
    openstack-heat-api-cfn \
    python-openstackclient \
    && yum clean all
    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/heat/heat-api/Dockerfile.j2
+++ b/docker/heat/heat-api/Dockerfile.j2
@ -4,9 +4,7 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 {% if install_type == 'binary' %}
    {% if base_distro in ['fedora', 'centos', 'oraclelinux'] %}
-RUN yum -y install \
+RUN yum -y install openstack-heat-api \
    openstack-heat-api \
    python-openstackclient \
    && yum clean all
    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/heat/heat-api/config-external.sh
+++ b/docker/heat/heat-api/config-external.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-SOURCE="/opt/kolla/heat-api/heat-api.conf"
+SOURCE="/opt/kolla/heat-api/heat.conf"
-TARGET="/etc/heat/heat-api.conf"
+TARGET="/etc/heat/heat.conf"
 OWNER="heat"
 if [[ -f "$SOURCE" ]]; then
--- a/docker/heat/heat-api/start.sh
+++ b/docker/heat/heat-api/start.sh
@ -10,4 +10,14 @@ source /opt/kolla/kolla-common.sh
 # Execute config strategy
 set_configs
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
    su -s /bin/sh -c "heat-manage db_sync" heat
    openstack domain create heat_user_domain
    openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
    openstack role add --domain heat_user_domain --user heat_domain_admin admin
    exit 0
 fi
 exec $CMD $ARGS
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@ -6,12 +6,10 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 # until packaging is fixed, all of this is required
 # api: policy
 # conductor:MySQL-python
 RUN yum -y install \
        python-oslo-log \
        python-oslo-concurrency \
        python-oslo-policy \
        MySQL-python \
    && yum clean all
    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/keystone/Dockerfile.j2
+++ b/docker/keystone/Dockerfile.j2
@ -6,7 +6,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 RUN yum -y install openstack-keystone \
        python-keystoneclient \
        python-openstackclient \
        httpd \
        mod_wsgi \
    && yum clean all
--- a/docker/kolla-ansible/Dockerfile.j2
+++ b/docker/kolla-ansible/Dockerfile.j2
@ -9,7 +9,6 @@ RUN yum -y install \
        libffi-devel \
        libxml2-devel \
        libxslt-devel \
        MySQL-python \
        openssl-devel \
        python-devel \
        openssh-clients \
@ -19,16 +18,17 @@ RUN pip install -U pip wheel
 {% elif base_distro in ['ubuntu', 'debian'] %}
-RUN apt-get install -y --no-install-recommends git
+RUN apt-get install -y --no-install-recommends git \
    && apt-get clean
 {% endif %}
-RUN pip install shade
+RUN pip --no-cache-dir install shade
 RUN git clone --depth 1 https://github.com/ansible/ansible.git \
    && cd ansible \
    && git submodule update --init --recursive \
-    && pip install --install-option="--install-scripts=/usr/bin" .
+    && pip --no-cache-dir install .
 RUN mkdir -p /etc/ansible /usr/share/ansible \
    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts
--- a/etc/kolla/config/heat.conf
+++ b/etc/kolla/config/heat.conf
--- a/etc/kolla/config/heat/heat-api-cfn.conf
+++ b/etc/kolla/config/heat/heat-api-cfn.conf
--- a/etc/kolla/config/heat/heat-api.conf
+++ b/etc/kolla/config/heat/heat-api.conf
--- a/etc/kolla/config/heat/heat-engine.conf
+++ b/etc/kolla/config/heat/heat-engine.conf
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -30,7 +30,6 @@ nova_keystone_password: "password"
 neutron_database_password: "password"
 neutron_keystone_password: "password"
 metadata_secret: "password"
 cinder_database_password: "password"
@ -40,6 +39,10 @@ swift_keystone_password: "password"
 swift_hash_path_suffix: "kolla"
 swift_hash_path_prefix: "kolla"
 heat_database_password: "password"
 heat_keystone_password: "password"
 heat_domain_admin_password: "password"
 ####################
 # RabbitMQ options
 ####################