openstack/devstack
Code Issues Proposed changes

Merge "Revert "Revert "Convert identity defaults to keystone v3 api"""

Browse Source
This commit is contained in:
Jenkins 2015-10-07 19:30:18 +00:00 committed by Gerrit Code Review
commit 17491f37d7
3 changed files with 20 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
functions-common
View File

@ -88,9 +88,9 @@ function write_clouds_yaml {
--file $CLOUDS_YAML \ --file $CLOUDS_YAML \
--os-cloud devstack \ --os-cloud devstack \
--os-region-name $REGION_NAME \ --os-region-name $REGION_NAME \
--os-identity-api-version $IDENTITY_API_VERSION \ --os-identity-api-version 3 \
$CA_CERT_ARG \ $CA_CERT_ARG \
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ --os-auth-url $KEYSTONE_AUTH_URI \
--os-username demo \ --os-username demo \
--os-password $ADMIN_PASSWORD \ --os-password $ADMIN_PASSWORD \
--os-project-name demo --os-project-name demo
@ -98,9 +98,9 @@ function write_clouds_yaml {
--file $CLOUDS_YAML \ --file $CLOUDS_YAML \
--os-cloud devstack-admin \ --os-cloud devstack-admin \
--os-region-name $REGION_NAME \ --os-region-name $REGION_NAME \
--os-identity-api-version $IDENTITY_API_VERSION \ --os-identity-api-version 3 \
$CA_CERT_ARG \ $CA_CERT_ARG \
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ --os-auth-url $KEYSTONE_AUTH_URI \
--os-username admin \ --os-username admin \
--os-password $ADMIN_PASSWORD \ --os-password $ADMIN_PASSWORD \
--os-project-name admin --os-project-name admin
@ -735,16 +735,13 @@ function policy_add {
# Usage: get_or_create_domain <name> <description> # Usage: get_or_create_domain <name> <description>
function get_or_create_domain { function get_or_create_domain {
local domain_id local domain_id
local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id # Gets domain id
domain_id=$( domain_id=$(
# Gets domain id # Gets domain id
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack domain show $1 \
--os-identity-api-version=3 domain show $1 \
-f value -c id 2>/dev/null || -f value -c id 2>/dev/null ||
# Creates new domain # Creates new domain
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack domain create $1 \
--os-identity-api-version=3 domain create $1 \
--description "$2" \ --description "$2" \
-f value -c id -f value -c id
) )
@ -755,13 +752,11 @@ function get_or_create_domain {
# Usage: get_or_create_group <groupname> <domain> [<description>] # Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group { function get_or_create_group {
local desc="${3:-}" local desc="${3:-}"
local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id local group_id
# Gets group id # Gets group id
group_id=$( group_id=$(
# Creates new group with --or-show # Creates new group with --or-show
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack group create $1 \
--os-identity-api-version=3 group create $1 \
--domain $2 --description "$desc" --or-show \ --domain $2 --description "$desc" --or-show \
-f value -c id -f value -c id
) )
@ -783,8 +778,6 @@ function get_or_create_user {
openstack user create \ openstack user create \
$1 \ $1 \
--password "$2" \ --password "$2" \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--domain=$3 \ --domain=$3 \
$email \ $email \
--or-show \ --or-show \
@ -799,9 +792,7 @@ function get_or_create_project {
local project_id local project_id
project_id=$( project_id=$(
# Creates new project with --or-show # Creates new project with --or-show
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ openstack project create $1 \
--os-identity-api-version=3 \
project create $1 \
--domain=$2 \ --domain=$2 \
--or-show -f value -c id --or-show -f value -c id
) )
@ -815,8 +806,6 @@ function get_or_create_role {
role_id=$( role_id=$(
# Creates role with --or-show # Creates role with --or-show
openstack role create $1 \ openstack role create $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--or-show -f value -c id --or-show -f value -c id
) )
echo $role_id echo $role_id
@ -829,8 +818,6 @@ function get_or_add_user_project_role {
# Gets user role id # Gets user role id
user_role_id=$(openstack role list \ user_role_id=$(openstack role list \
--user $2 \ --user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--column "ID" \ --column "ID" \
--project $3 \ --project $3 \
--column "Name" \ --column "Name" \
@ -839,13 +826,9 @@ function get_or_add_user_project_role {
# Adds role to user and get it # Adds role to user and get it
openstack role add $1 \ openstack role add $1 \
--user $2 \ --user $2 \
--project $3 \ --project $3
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3
user_role_id=$(openstack role list \ user_role_id=$(openstack role list \
--user $2 \ --user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--column "ID" \ --column "ID" \
--project $3 \ --project $3 \
--column "Name" \ --column "Name" \
@ -860,21 +843,15 @@ function get_or_add_group_project_role {
local group_role_id local group_role_id
# Gets group role id # Gets group role id
group_role_id=$(openstack role list \ group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
-c "ID" -f value) -c "ID" -f value)
if [[ -z "$group_role_id" ]]; then if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it # Adds role to group and get it
openstack role add $1 \ openstack role add $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 --project $3
group_role_id=$(openstack role list \ group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
-c "ID" -f value) -c "ID" -f value)
@ -892,8 +869,6 @@ function get_or_create_service {
openstack service show $2 -f value -c id 2>/dev/null || openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists # Creates new service if not exists
openstack service create \ openstack service create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$2 \ $2 \
--name $1 \ --name $1 \
--description="$3" \ --description="$3" \
@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {
# gets support for this, the check for the region name can be removed. # gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \ endpoint_id=$(openstack endpoint list \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--service $1 \ --service $1 \
--interface $2 \ --interface $2 \
--region $4 \ --region $4 \
@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {
if [[ -z "$endpoint_id" ]]; then if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint # Creates new endpoint
endpoint_id=$(openstack endpoint create \ endpoint_id=$(openstack endpoint create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id) $1 $2 $3 --region $4 -f value -c id)
fi fi

6
lib/swift
View File

@ -799,10 +799,10 @@ function stop_swift {
function swift_configure_tempurls { function swift_configure_tempurls {
OS_USERNAME=swift \ OS_USERNAME=swift \
OS_TENANT_NAME=$SERVICE_TENANT_NAME \ OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
OS_PASSWORD=$SERVICE_PASSWORD \ OS_PASSWORD=$SERVICE_PASSWORD \
OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ OS_AUTH_URL=$SERVICE_ENDPOINT \
swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY" swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
} }
# Restore xtrace # Restore xtrace

15
stack.sh
View File

@ -975,13 +975,15 @@ if is_service_enabled keystone; then
start_keystone start_keystone
fi fi
export OS_IDENTITY_API_VERSION=3
# Set up a temporary admin URI for Keystone # Set up a temporary admin URI for Keystone
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint # Until the client support is fixed, just use the internal endpoint
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi fi
# Setup OpenStackClient token-endpoint auth # Setup OpenStackClient token-endpoint auth
@ -1005,14 +1007,13 @@ if is_service_enabled keystone; then
# Begone token auth # Begone token auth
unset OS_TOKEN OS_URL unset OS_TOKEN OS_URL
# force set to use v2 identity authentication even with v3 commands
export OS_AUTH_TYPE=v2password
# Set up password auth credentials now that Keystone is bootstrapped # Set up password auth credentials now that Keystone is bootstrapped
export OS_AUTH_URL=$SERVICE_ENDPOINT export OS_AUTH_URL=$KEYSTONE_AUTH_URI
export OS_TENANT_NAME=admin
export OS_USERNAME=admin export OS_USERNAME=admin
export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD export OS_PASSWORD=$ADMIN_PASSWORD
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME export OS_REGION_NAME=$REGION_NAME
fi fi