Bug 1076172
| Summary: | puppet-heat requires heat update for domain users | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Steven Hardy <shardy> | |
| Component: | openstack-puppet-modules | Assignee: | Martin Magr <mmagr> | |
| Status: | CLOSED ERRATA | QA Contact: | Amit Ugol <augol> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.0 (RHEL 7) | CC: | aortega, derekh, lyarwood, mburns, mmagr, pbrady, sdake, yeylon | |
| Target Milestone: | rc | |||
| Target Release: | 5.0 (RHEL 7) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | openstack-puppet-modules-2014.1-14.2.el7ost | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1076611 (view as bug list) | Environment: | ||
| Last Closed: | 2014-07-08 15:37:52 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1104709 | |||
| Bug Blocks: | 1076611 | |||
|
Description
Steven Hardy
2014-03-13 17:34:56 UTC
Cut/paste details from upstream puppet-heat bug. Note new dependency on python-openstackclient. -- Recent changes landed under the instance-users BP require some updates to the heat installation procedure, specifically: 1. Create a keystone domain and set the id in heat.conf (stack_user_domain) 2. Create a keystone user, and make them a domain admin (admin role in the domain created above) 3. Update heat.conf with the username and password of the domain-admin user (stack_domain_admin and stack_domain_admin_password) This is the BP: https://blueprints.launchpad.net/heat/+spec/instance-users These are the commits which added the options, and include python-openstack commands to create the domain/user: https://review.openstack.org/#/c/73978/ https://review.openstack.org/#/c/76035/ These are the associated devstack changes (now merged): https://review.openstack.org/#/c/73324/ https://review.openstack.org/#/c/75424/ https://review.openstack.org/#/c/76036/ Note this introduces a dependency on python-openstackclient, because the "keystone" CLI tool provided by python-keystoneclient is deprecated and does not support the v3 keystone API, ref this discussion: http://lists.openstack.org/pipermail/openstack-dev/2014-January/025629.html In the event python-openstackclient is not available, heat provides a helper script which can be used to create the domain/user, but it's probably preferable to use openstackclient like devstack if available: https://review.openstack.org/#/c/78048/ Padraig, Is python-openstackclient planned for packaging in Fedora/RDO? If it isn't, could you add it to the queue? Sounds like heat will not support domain functionality without it. sdake: Looks like there is a package for RDO: https://bugzilla.redhat.com/show_bug.cgi?id=1024885 Packstack support implemented in openstack-packstack-2014.1.1-0.21.dev1116.el7ost. tested in openstack-puppet-modules-2014.1-16.2.el7ost.noarch. example from my current heat.conf: #stack_user_domain=<None> stack_user_domain=58d2ba15c5bf493b9f64a68c4c745d79 #stack_domain_admin=<None> stack_domain_admin=heat_admin #stack_domain_admin_password=<None> stack_domain_admin_password=6fd1f3828fa14ea1 last part (password) was not been generated at all during installation. seems to be working well now. The scripts are doing what they should. Patch submitted to upstream puppet-heat. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-0846.html |