缺少 OpenStack 上 Heat 编排中角色的凭证?

缺少 OpenStack 上 Heat 编排中角色的凭证?

我正在 OpenStack 上尝试 Heat 编排。使用以下配置设置单实例堆栈时,出现此错误:

Error: ERROR: Missing required credential: roles [u'_member_']

这可能是什么问题?

谢谢!

heat_template_version: 2013-05-23

description: Simple template to deploy a single compute instance

resources:
  my_instance:
    type: OS::Nova::Server
    properties:
      image: CentOS-6-x86_64-GenericCloud-2016-04-05
      flavor: c1-tiny
      key_name: mine
      networks:
        - network: private_network

答案1

成员属性表示 OpenStack 项目上的角色,所以这是 keystone 抛出的错误,我能想到两种可能性 - 调用堆栈的用户没有成员角色(如果您可以登录 Horizo​​n,则您拥有此角色)或 heat 域和 stack 用户尚未设置,从安装先决条件来看:

Orchestration requires additional information in the Identity service to manage stacks. To add this information, complete these steps:

Create the heat domain that contains projects and users for stacks:

$ openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | 0f4d1bd326f2454dacc72157ba328a47 |
| name        | heat                             |
+-------------+----------------------------------+
Create the heat_domain_admin user to manage projects and users in the heat domain:

$ openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
| enabled   | True                             |
| id        | b7bd1abfbcf64478b47a0f13cd4d970a |
| name      | heat_domain_admin                |
+-----------+----------------------------------+
Add the admin role to the heat_domain_admin user in the heat domain to enable administrative stack management privileges by the heat_domain_admin user:

$ openstack role add --domain heat --user heat_domain_admin admin
 Note
This command provides no output.

Create the heat_stack_owner role:

$ openstack role create heat_stack_owner
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 15e34f0c4fed4e68b3246275883c8630 |
| name  | heat_stack_owner                 |
+-------+----------------------------------+
Add the heat_stack_owner role to the demo project and user to enable stack management by the demo user:

$ openstack role add --project demo --user demo heat_stack_owner
 Note
This command provides no output.

 Note
You must add the heat_stack_owner role to each user that manages stacks.

Create the heat_stack_user role:

$ openstack role create heat_stack_user
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 88849d41a55d4d1d91e4f11bffd8fc5c |
| name  | heat_stack_user                  |
+-------+----------------------------------+
 Note
The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment. By default, this role restricts API operations. To avoid conflicts, do not add this role to users with the heat_stack_owner role. 

相关内容