Merge "Revert "Revert "Convert identity defaults to keystone v3 api"""
This commit is contained in:
commit
17491f37d7
@ -88,9 +88,9 @@ function write_clouds_yaml {
|
|||||||
--file $CLOUDS_YAML \
|
--file $CLOUDS_YAML \
|
||||||
--os-cloud devstack \
|
--os-cloud devstack \
|
||||||
--os-region-name $REGION_NAME \
|
--os-region-name $REGION_NAME \
|
||||||
--os-identity-api-version $IDENTITY_API_VERSION \
|
--os-identity-api-version 3 \
|
||||||
$CA_CERT_ARG \
|
$CA_CERT_ARG \
|
||||||
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
--os-auth-url $KEYSTONE_AUTH_URI \
|
||||||
--os-username demo \
|
--os-username demo \
|
||||||
--os-password $ADMIN_PASSWORD \
|
--os-password $ADMIN_PASSWORD \
|
||||||
--os-project-name demo
|
--os-project-name demo
|
||||||
@ -98,9 +98,9 @@ function write_clouds_yaml {
|
|||||||
--file $CLOUDS_YAML \
|
--file $CLOUDS_YAML \
|
||||||
--os-cloud devstack-admin \
|
--os-cloud devstack-admin \
|
||||||
--os-region-name $REGION_NAME \
|
--os-region-name $REGION_NAME \
|
||||||
--os-identity-api-version $IDENTITY_API_VERSION \
|
--os-identity-api-version 3 \
|
||||||
$CA_CERT_ARG \
|
$CA_CERT_ARG \
|
||||||
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
--os-auth-url $KEYSTONE_AUTH_URI \
|
||||||
--os-username admin \
|
--os-username admin \
|
||||||
--os-password $ADMIN_PASSWORD \
|
--os-password $ADMIN_PASSWORD \
|
||||||
--os-project-name admin
|
--os-project-name admin
|
||||||
@ -735,16 +735,13 @@ function policy_add {
|
|||||||
# Usage: get_or_create_domain <name> <description>
|
# Usage: get_or_create_domain <name> <description>
|
||||||
function get_or_create_domain {
|
function get_or_create_domain {
|
||||||
local domain_id
|
local domain_id
|
||||||
local os_url="$KEYSTONE_SERVICE_URI_V3"
|
|
||||||
# Gets domain id
|
# Gets domain id
|
||||||
domain_id=$(
|
domain_id=$(
|
||||||
# Gets domain id
|
# Gets domain id
|
||||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
openstack domain show $1 \
|
||||||
--os-identity-api-version=3 domain show $1 \
|
|
||||||
-f value -c id 2>/dev/null ||
|
-f value -c id 2>/dev/null ||
|
||||||
# Creates new domain
|
# Creates new domain
|
||||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
openstack domain create $1 \
|
||||||
--os-identity-api-version=3 domain create $1 \
|
|
||||||
--description "$2" \
|
--description "$2" \
|
||||||
-f value -c id
|
-f value -c id
|
||||||
)
|
)
|
||||||
@ -755,13 +752,11 @@ function get_or_create_domain {
|
|||||||
# Usage: get_or_create_group <groupname> <domain> [<description>]
|
# Usage: get_or_create_group <groupname> <domain> [<description>]
|
||||||
function get_or_create_group {
|
function get_or_create_group {
|
||||||
local desc="${3:-}"
|
local desc="${3:-}"
|
||||||
local os_url="$KEYSTONE_SERVICE_URI_V3"
|
|
||||||
local group_id
|
local group_id
|
||||||
# Gets group id
|
# Gets group id
|
||||||
group_id=$(
|
group_id=$(
|
||||||
# Creates new group with --or-show
|
# Creates new group with --or-show
|
||||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
openstack group create $1 \
|
||||||
--os-identity-api-version=3 group create $1 \
|
|
||||||
--domain $2 --description "$desc" --or-show \
|
--domain $2 --description "$desc" --or-show \
|
||||||
-f value -c id
|
-f value -c id
|
||||||
)
|
)
|
||||||
@ -783,8 +778,6 @@ function get_or_create_user {
|
|||||||
openstack user create \
|
openstack user create \
|
||||||
$1 \
|
$1 \
|
||||||
--password "$2" \
|
--password "$2" \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--domain=$3 \
|
--domain=$3 \
|
||||||
$email \
|
$email \
|
||||||
--or-show \
|
--or-show \
|
||||||
@ -799,9 +792,7 @@ function get_or_create_project {
|
|||||||
local project_id
|
local project_id
|
||||||
project_id=$(
|
project_id=$(
|
||||||
# Creates new project with --or-show
|
# Creates new project with --or-show
|
||||||
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
openstack project create $1 \
|
||||||
--os-identity-api-version=3 \
|
|
||||||
project create $1 \
|
|
||||||
--domain=$2 \
|
--domain=$2 \
|
||||||
--or-show -f value -c id
|
--or-show -f value -c id
|
||||||
)
|
)
|
||||||
@ -815,8 +806,6 @@ function get_or_create_role {
|
|||||||
role_id=$(
|
role_id=$(
|
||||||
# Creates role with --or-show
|
# Creates role with --or-show
|
||||||
openstack role create $1 \
|
openstack role create $1 \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--or-show -f value -c id
|
--or-show -f value -c id
|
||||||
)
|
)
|
||||||
echo $role_id
|
echo $role_id
|
||||||
@ -829,8 +818,6 @@ function get_or_add_user_project_role {
|
|||||||
# Gets user role id
|
# Gets user role id
|
||||||
user_role_id=$(openstack role list \
|
user_role_id=$(openstack role list \
|
||||||
--user $2 \
|
--user $2 \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--column "ID" \
|
--column "ID" \
|
||||||
--project $3 \
|
--project $3 \
|
||||||
--column "Name" \
|
--column "Name" \
|
||||||
@ -839,13 +826,9 @@ function get_or_add_user_project_role {
|
|||||||
# Adds role to user and get it
|
# Adds role to user and get it
|
||||||
openstack role add $1 \
|
openstack role add $1 \
|
||||||
--user $2 \
|
--user $2 \
|
||||||
--project $3 \
|
--project $3
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3
|
|
||||||
user_role_id=$(openstack role list \
|
user_role_id=$(openstack role list \
|
||||||
--user $2 \
|
--user $2 \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--column "ID" \
|
--column "ID" \
|
||||||
--project $3 \
|
--project $3 \
|
||||||
--column "Name" \
|
--column "Name" \
|
||||||
@ -860,21 +843,15 @@ function get_or_add_group_project_role {
|
|||||||
local group_role_id
|
local group_role_id
|
||||||
# Gets group role id
|
# Gets group role id
|
||||||
group_role_id=$(openstack role list \
|
group_role_id=$(openstack role list \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--group $2 \
|
--group $2 \
|
||||||
--project $3 \
|
--project $3 \
|
||||||
-c "ID" -f value)
|
-c "ID" -f value)
|
||||||
if [[ -z "$group_role_id" ]]; then
|
if [[ -z "$group_role_id" ]]; then
|
||||||
# Adds role to group and get it
|
# Adds role to group and get it
|
||||||
openstack role add $1 \
|
openstack role add $1 \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--group $2 \
|
--group $2 \
|
||||||
--project $3
|
--project $3
|
||||||
group_role_id=$(openstack role list \
|
group_role_id=$(openstack role list \
|
||||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--group $2 \
|
--group $2 \
|
||||||
--project $3 \
|
--project $3 \
|
||||||
-c "ID" -f value)
|
-c "ID" -f value)
|
||||||
@ -892,8 +869,6 @@ function get_or_create_service {
|
|||||||
openstack service show $2 -f value -c id 2>/dev/null ||
|
openstack service show $2 -f value -c id 2>/dev/null ||
|
||||||
# Creates new service if not exists
|
# Creates new service if not exists
|
||||||
openstack service create \
|
openstack service create \
|
||||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
$2 \
|
$2 \
|
||||||
--name $1 \
|
--name $1 \
|
||||||
--description="$3" \
|
--description="$3" \
|
||||||
@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {
|
|||||||
# gets support for this, the check for the region name can be removed.
|
# gets support for this, the check for the region name can be removed.
|
||||||
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
|
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
|
||||||
endpoint_id=$(openstack endpoint list \
|
endpoint_id=$(openstack endpoint list \
|
||||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
--service $1 \
|
--service $1 \
|
||||||
--interface $2 \
|
--interface $2 \
|
||||||
--region $4 \
|
--region $4 \
|
||||||
@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {
|
|||||||
if [[ -z "$endpoint_id" ]]; then
|
if [[ -z "$endpoint_id" ]]; then
|
||||||
# Creates new endpoint
|
# Creates new endpoint
|
||||||
endpoint_id=$(openstack endpoint create \
|
endpoint_id=$(openstack endpoint create \
|
||||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 \
|
|
||||||
$1 $2 $3 --region $4 -f value -c id)
|
$1 $2 $3 --region $4 -f value -c id)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -799,10 +799,10 @@ function stop_swift {
|
|||||||
|
|
||||||
function swift_configure_tempurls {
|
function swift_configure_tempurls {
|
||||||
OS_USERNAME=swift \
|
OS_USERNAME=swift \
|
||||||
OS_TENANT_NAME=$SERVICE_TENANT_NAME \
|
OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
|
||||||
OS_PASSWORD=$SERVICE_PASSWORD \
|
OS_PASSWORD=$SERVICE_PASSWORD \
|
||||||
OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
OS_AUTH_URL=$SERVICE_ENDPOINT \
|
||||||
swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
|
swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Restore xtrace
|
# Restore xtrace
|
||||||
|
15
stack.sh
15
stack.sh
@ -975,13 +975,15 @@ if is_service_enabled keystone; then
|
|||||||
start_keystone
|
start_keystone
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
export OS_IDENTITY_API_VERSION=3
|
||||||
|
|
||||||
# Set up a temporary admin URI for Keystone
|
# Set up a temporary admin URI for Keystone
|
||||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
|
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
|
||||||
|
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
||||||
# Until the client support is fixed, just use the internal endpoint
|
# Until the client support is fixed, just use the internal endpoint
|
||||||
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
|
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup OpenStackClient token-endpoint auth
|
# Setup OpenStackClient token-endpoint auth
|
||||||
@ -1005,14 +1007,13 @@ if is_service_enabled keystone; then
|
|||||||
# Begone token auth
|
# Begone token auth
|
||||||
unset OS_TOKEN OS_URL
|
unset OS_TOKEN OS_URL
|
||||||
|
|
||||||
# force set to use v2 identity authentication even with v3 commands
|
|
||||||
export OS_AUTH_TYPE=v2password
|
|
||||||
|
|
||||||
# Set up password auth credentials now that Keystone is bootstrapped
|
# Set up password auth credentials now that Keystone is bootstrapped
|
||||||
export OS_AUTH_URL=$SERVICE_ENDPOINT
|
export OS_AUTH_URL=$KEYSTONE_AUTH_URI
|
||||||
export OS_TENANT_NAME=admin
|
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
|
export OS_USER_DOMAIN_ID=default
|
||||||
export OS_PASSWORD=$ADMIN_PASSWORD
|
export OS_PASSWORD=$ADMIN_PASSWORD
|
||||||
|
export OS_PROJECT_NAME=admin
|
||||||
|
export OS_PROJECT_DOMAIN_ID=default
|
||||||
export OS_REGION_NAME=$REGION_NAME
|
export OS_REGION_NAME=$REGION_NAME
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user