From d114ca89311affe2b5b9c7b4ef4fa5d1cc02fc40 Mon Sep 17 00:00:00 2001 From: Gael Chamoulaud Date: Mon, 10 Nov 2014 14:37:30 +0100 Subject: [PATCH] Revert "Configures Heat to use Trusts by default" - This is managed by the puppet-heat module itself, (https://review.openstack.org/126940). This reverts commit 581a79ed8507a8ffe4388a67060e0b32899d4f86. Signed-off-by: Gael Chamoulaud Conflicts: packstack/plugins/heat_750.py packstack/puppet/templates/heat_trusts.pp packstack/puppet/templates/provision_demo.pp packstack/puppet/templates/provision_tempest.pp Change-Id: I61b06f6f2d7de9cbf32061437abef9c5d7860531 --- docs/packstack.rst | 3 --- packstack/plugins/heat_750.py | 21 ------------------- packstack/plugins/provision_700.py | 7 ------- packstack/puppet/templates/heat.pp | 6 ++++++ packstack/puppet/templates/heat_trusts.pp | 11 ---------- .../puppet/templates/keystone_heat_trusts.pp | 4 ---- packstack/puppet/templates/provision_demo.pp | 5 +---- .../puppet/templates/provision_tempest.pp | 5 +---- 8 files changed, 8 insertions(+), 54 deletions(-) delete mode 100644 packstack/puppet/templates/heat_trusts.pp delete mode 100644 packstack/puppet/templates/keystone_heat_trusts.pp diff --git a/docs/packstack.rst b/docs/packstack.rst index 4df075021..66b3276b5 100644 --- a/docs/packstack.rst +++ b/docs/packstack.rst @@ -434,9 +434,6 @@ Heat Config Parameters **CONFIG_HEAT_KS_PW** The password to use for the Heat to authenticate with Keystone. -**CONFIG_HEAT_USING_TRUSTS** - Set to 'y' if you would like Packstack to install heat with trusts as deferred auth method. If not, the stored password method will be used. - **CONFIG_HEAT_CLOUDWATCH_INSTALL** Set to 'y' if you would like Packstack to install Heat CloudWatch API. diff --git a/packstack/plugins/heat_750.py b/packstack/plugins/heat_750.py index d00f6faa1..344230d5c 100644 --- a/packstack/plugins/heat_750.py +++ b/packstack/plugins/heat_750.py @@ -86,21 +86,6 @@ def initConfig(controller): "NEED_CONFIRM": False, "CONDITION": False}, - {"CMD_OPTION": "os-heat-using-trusts", - "USAGE": ("Set to 'y' if you would like Packstack to install Heat " - "with trusts as deferred auth method. " - "If not, the stored password method will be used."), - "PROMPT": "Should Packstack configure Heat to use trusts", - "OPTION_LIST": ["y", "n"], - "VALIDATORS": [validators.validate_options], - "DEFAULT_VALUE": "y", - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_HEAT_USING_TRUSTS", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "os-heat-cfn-install", "USAGE": ("Set to 'y' if you would like Packstack to install Heat " "CloudFormation API"), @@ -192,8 +177,6 @@ def create_manifest(config, messages): manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata += getManifestTemplate("heat.pp") - if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y': - manifestdata += getManifestTemplate("heat_trusts.pp") fw_details = dict() key = "heat" @@ -212,10 +195,6 @@ def create_manifest(config, messages): def create_keystone_manifest(config, messages): manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("keystone_heat.pp") - - if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y': - manifestdata += getManifestTemplate("keystone_heat_trusts.pp") - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/provision_700.py b/packstack/plugins/provision_700.py index 784840960..bd36f2afe 100644 --- a/packstack/plugins/provision_700.py +++ b/packstack/plugins/provision_700.py @@ -270,11 +270,6 @@ def marshall_conf_bool(conf, key): conf[key] = False -def using_heat(config): - if config['CONFIG_HEAT_INSTALL'] != "y": - config['CONFIG_HEAT_USING_TRUSTS'] = "n" - - def using_neutron(config): # Using the neutron or nova api servers as the provisioning target # will suffice for the all-in-one case. @@ -295,7 +290,6 @@ def using_neutron(config): def create_demo_manifest(config, messages): using_neutron(config) - using_heat(config) manifest_file = '%s_provision_demo.pp' % config['CONFIG_CONTROLLER_HOST'] manifest_data = getManifestTemplate("provision_demo.pp") appendManifestFile(manifest_file, manifest_data) @@ -316,7 +310,6 @@ def create_storage_manifest(config, messages): def create_tempest_manifest(config, messages): using_neutron(config) - using_heat(config) manifest_file = '%s_provision_tempest.pp' % \ config['CONFIG_CONTROLLER_HOST'] manifest_data = getManifestTemplate("provision_tempest.pp") diff --git a/packstack/puppet/templates/heat.pp b/packstack/puppet/templates/heat.pp index 2d19d3caf..61ebad509 100644 --- a/packstack/puppet/templates/heat.pp +++ b/packstack/puppet/templates/heat.pp @@ -10,6 +10,12 @@ class { 'heat::engine': auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'), } +keystone_user_role { 'admin@admin': + ensure => present, + roles => ['admin', '_member_', 'heat_stack_owner'], + require => Class['heat::engine'], +} + class { 'heat::keystone::domain': auth_url => "http://${heat_cfg_ctrl_host}:35357/v2.0", keystone_admin => 'admin', diff --git a/packstack/puppet/templates/heat_trusts.pp b/packstack/puppet/templates/heat_trusts.pp deleted file mode 100644 index 5ec87aa35..000000000 --- a/packstack/puppet/templates/heat_trusts.pp +++ /dev/null @@ -1,11 +0,0 @@ - -heat_config { - 'DEFAULT/deferred_auth_method' : value => 'trusts'; - 'DEFAULT/trusts_delegated_roles' : value => 'heat_stack_owner'; -} - -keystone_user_role { 'admin@admin': - ensure => present, - roles => ['admin', '_member_', 'heat_stack_owner'], -} - diff --git a/packstack/puppet/templates/keystone_heat_trusts.pp b/packstack/puppet/templates/keystone_heat_trusts.pp deleted file mode 100644 index 495a9a4aa..000000000 --- a/packstack/puppet/templates/keystone_heat_trusts.pp +++ /dev/null @@ -1,4 +0,0 @@ - -keystone_role { 'heat_stack_owner': - ensure => present, -} diff --git a/packstack/puppet/templates/provision_demo.pp b/packstack/puppet/templates/provision_demo.pp index 3db71fce2..0d4c92186 100644 --- a/packstack/puppet/templates/provision_demo.pp +++ b/packstack/puppet/templates/provision_demo.pp @@ -8,9 +8,6 @@ $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') $admin_tenant_name = 'admin' - # Heat Using Trusts - $heat_using_trusts = hiera('CONFIG_HEAT_USING_TRUSTS') - ## Neutron $public_network_name = 'public' $public_subnet_name = 'public_subnet' @@ -37,7 +34,7 @@ password => $password, } - if $heat_using_trusts == 'y' { + if hiera('CONFIG_HEAT_INSTALL') == 'y' { keystone_user_role { "${username}@${tenant_name}": ensure => present, roles => ['_member_', 'heat_stack_owner'], diff --git a/packstack/puppet/templates/provision_tempest.pp b/packstack/puppet/templates/provision_tempest.pp index 98a0db52d..64ff1f313 100644 --- a/packstack/puppet/templates/provision_tempest.pp +++ b/packstack/puppet/templates/provision_tempest.pp @@ -19,9 +19,6 @@ if $provision_tempest_user != '' { $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') $admin_tenant_name = 'admin' - # Heat Using Trusts - $heat_using_trusts = hiera('CONFIG_HEAT_USING_TRUSTS') - ## Glance $image_name = 'cirros' $image_source = hiera('CONFIG_PROVISION_TEMPEST_CIRROS_URL') @@ -76,7 +73,7 @@ if $provision_tempest_user != '' { password => $password, } - if $heat_using_trusts == 'y' { + if hiera('CONFIG_HEAT_INSTALL') == 'y' { keystone_user_role { "${username}@${tenant_name}": ensure => present, roles => ['_member_', 'heat_stack_owner'],