Updates required for stack domain users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-heat | Fix Released | High | Unassigned | | |
Bug Description
Recent changes landed under the instance-users BP require some updates to the heat installation procedure, specifically:
1. Create a keystone domain and set the id in heat.conf (stack_user_domain)
2. Create a keystone user, and make them a domain admin (admin role in the domain created above)
3. Update heat.conf with the username and password of the domain-admin user (stack_domain_admin and stack_domain_
This is the BP:
https:/
These are the commits which added the options, and include python-openstack commands to create the domain/user:
https:/
https:/
These are the associated devstack changes (now merged):
https:/
https:/
https:/
Note this introduces a dependency on python-
http://
In the event python-
https:/
Changed in puppet-heat:
assignee: nobody → Kumari Paluru (kumariopenstack)
I've been asked for steps to validate this, so these are the steps I'd use to ensure heat is correctly configured to use domain users:
1. Review heat.conf
[DEFAULT]
stack_domain_admin_password = apassword
stack_domain_admin = heat_domain_admin
stack_user_domain = 7e4f6598443b4f5e8ac3010728885329
These three entries should exist with values set appropriately in the DEFAULT section of the heat.conf
2. Ensure the heat domain and heat_domain_admin user exist in keystone:
-bash-4.2$ openstack --os-identity-api-version=3 --os-url=http://127.0.0.1:5000/v3 --os-token foobar domain list | grep heat
| 7e4f6598443b4f5e8ac3010728885329 | heat | True | Owns users and projects created by heat |
-bash-4.2$ openstack --os-identity-api-version=3 --os-url=http://127.0.0.1:5000/v3 --os-token foobar user list | grep heat
| 50d363c7a1e245fbb337669e432eb87b | heat_domain_admin |
| 7357ce487a3e449bac41bc54aa756f52 | heat |
3. Ensure stack domain users can be created and deleted via a stack, and that they end up in the heat stack domain
-bash-4.2$ cat user_access2.yaml
heat_template_version: 2013-05-23
resources:
  user:
    type: AWS::IAM::User
  access:
    type: AWS::IAM::AccessKey
    properties:
      UserName: { get_resource : user }
-bash-4.2$ heat stack-create ua2 -f user_access2.yaml
+--------------------------------------+------------+--------------------+----------------------+
| id                                   | stack_name | stack_status       | creation_time        |
+--------------------------------------+------------+--------------------+----------------------+
| 769f96d4-6351-453f-b00c-7b06aa7b93ce | ua2        | CREATE_IN_PROGRESS | 2014-04-04T17:07:36Z |
+--------------------------------------+------------+--------------------+----------------------+
-bash-4.2$ openstack --os-identity-api-version=3 --os-url=http://127.0.0.1:5000/v3 --os-token foobar user list | grep ua2
| 53750398d9b1465e9e813b933fb45e2e | ua2-user-wf2s2eld3qnw |
-bash-4.2$ openstack --os-identity-api-version=3 --os-url=http://127.0.0.1:5000/v3 --os-token foobar user show 53750398d9b1465e9e813b933fb45e2e
+--------------------+-------------------------------------------------------------------------------+
| Field              | Value                                                                         |
+--------------------+-------------------------------------------------------------------------------+
| default_project_id | c45c5e533d7a40568493dee6b4048b99                                              |
| domain_id          | 7e4f6598443b4f5e8ac3010728885329                                              |
| enabled            | True                                                                          |
| id                 | 53750398d9b1465e9e813b933fb45e2e                                              |
| links              | {u'self': u'http://localhost:5000/v3/users/53750398d9b1465e9e813b933fb45e2e'} |
| name               | ua2-user-wf2s2eld3qnw                                                         |
+--------------------+-------------------------------------------------------------------------------+
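
An offline version of checks 1 and 3 above, added here as an example; it is not part of the original comment or of Heat. It confirms that the three DEFAULT options are set and that a stack-created user's domain_id matches stack_user_domain. The function names and the sample heat.conf and "user show" text are constructed for illustration.

```python
import configparser

# The three options the validation steps expect in [DEFAULT] of heat.conf.
REQUIRED = ("stack_user_domain", "stack_domain_admin", "stack_domain_admin_password")

def _defaults(conf_text):
    # strict=False: oslo.config files may legitimately repeat an option.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    return cp.defaults()

def missing_options(conf_text):
    """Return the required [DEFAULT] options that are absent or empty."""
    d = _defaults(conf_text)
    return [k for k in REQUIRED if not d.get(k, "").strip()]

def parse_show_table(output):
    """Parse the '| Field | Value |' table printed by a CLI 'show' command."""
    fields = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border rows start with '+'
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields

def user_in_stack_domain(conf_text, show_output):
    """True only if the user's domain_id equals stack_user_domain."""
    expected = _defaults(conf_text).get("stack_user_domain", "").strip()
    return bool(expected) and parse_show_table(show_output).get("domain_id") == expected

# Constructed sample input (not taken from a real deployment).
SAMPLE_CONF = """[DEFAULT]
stack_domain_admin_password = example-password
stack_domain_admin = heat_domain_admin
stack_user_domain = 0123456789abcdef0123456789abcdef
"""
SAMPLE_SHOW = """+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 0123456789abcdef0123456789abcdef |
| name      | ua2-user-example                 |
+-----------+----------------------------------+
"""

if __name__ == "__main__":
    print("missing options:", missing_options(SAMPLE_CONF))
    print("user in stack domain:", user_in_stack_domain(SAMPLE_CONF, SAMPLE_SHOW))
```

A user whose domain_id differs from stack_user_domain (for example one that landed in the default domain) makes user_in_stack_domain return False, which is the condition step 3 is meant to catch.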