Red Hat Bugzilla – Bug 1076172
puppet-heat requires heat update for domain users
Last modified: 2018-02-08 05:13:43 EST
Description of problem: Some functionality has landed upstream for Icehouse which requires creating a domain, and a domain admin user, then setting details of both in the heat configuration file. Heat will still work without these settings, but will still be affected by https://bugs.launchpad.net/heat/+bug/1089261 I've raised https://bugs.launchpad.net/puppet-heat/+bug/1288880 to track getting the required changes into the puppet manfifests used by packstack.
Cut/paste details from upstream puppet-heat bug. Note new dependency on python-openstackclient. -- Recent changes landed under the instance-users BP require some updates to the heat installation procedure, specifically: 1. Create a keystone domain and set the id in heat.conf (stack_user_domain) 2. Create a keystone user, and make them a domain admin (admin role in the domain created above) 3. Update heat.conf with the username and password of the domain-admin user (stack_domain_admin and stack_domain_admin_password) This is the BP: https://blueprints.launchpad.net/heat/+spec/instance-users These are the commits which added the options, and include python-openstack commands to create the domain/user: https://review.openstack.org/#/c/73978/ https://review.openstack.org/#/c/76035/ These are the associated devstack changes (now merged): https://review.openstack.org/#/c/73324/ https://review.openstack.org/#/c/75424/ https://review.openstack.org/#/c/76036/ Note this introduces a dependency on python-openstackclient, because the "keystone" CLI tool provided by python-keystoneclient is deprecated and does not support the v3 keystone API, ref this discussion: http://lists.openstack.org/pipermail/openstack-dev/2014-January/025629.html In the event python-openstackclient is not available, heat provides a helper script which can be used to create the domain/user, but it's probably preferable to use openstackclient like devstack if available: https://review.openstack.org/#/c/78048/
Padraig, Is python-openstackclient planned for packaging in Fedora/RDO? If it isn't, could you add it to the queue? Sounds like heat will not support domain functionality without it.
sdake: Looks like there is a package for RDO: https://bugzilla.redhat.com/show_bug.cgi?id=1024885
Packstack support implemented in openstack-packstack-2014.1.1-0.21.dev1116.el7ost.
tested in openstack-puppet-modules-2014.1-16.2.el7ost.noarch. example from my current heat.conf: #stack_user_domain=<None> stack_user_domain=58d2ba15c5bf493b9f64a68c4c745d79 #stack_domain_admin=<None> stack_domain_admin=heat_admin #stack_domain_admin_password=<None> stack_domain_admin_password=6fd1f3828fa14ea1 last part (password) was not been generated at all during installation. seems to be working well now. The scripts are doing what they should.
Patch submitted to upstream puppet-heat.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-0846.html