Change most keystoneclient commands to openstacklient in libs
migrated most keystoneclient commands from the following libs: ceilometer cinder ironic keystone marconi neutron nova savanna swift trove Also need to set and unset openstackclient specific environment variables from stack.sh Change-Id: I725f30bc08e1df5a4c5770576c19ad1ddaeb843a
This commit is contained in:
parent
824fac2cc7
commit
19685428e3
@ -71,33 +71,33 @@ function is_ceilometer_enabled {
|
||||
|
||||
create_ceilometer_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
# Ceilometer
|
||||
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
|
||||
CEILOMETER_USER=$(keystone user-create \
|
||||
--name=ceilometer \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT \
|
||||
--email=ceilometer@example.com \
|
||||
CEILOMETER_USER=$(openstack user create \
|
||||
ceilometer \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email ceilometer@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $CEILOMETER_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $CEILOMETER_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
CEILOMETER_SERVICE=$(keystone service-create \
|
||||
--name=ceilometer \
|
||||
CEILOMETER_SERVICE=$(openstack service create \
|
||||
ceilometer \
|
||||
--type=metering \
|
||||
--description="OpenStack Telemetry Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$CEILOMETER_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $CEILOMETER_SERVICE \
|
||||
--publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT" \
|
||||
--adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT" \
|
||||
--internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT"
|
||||
--publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
||||
--adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
||||
--internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
39
lib/cinder
39
lib/cinder
@ -330,45 +330,44 @@ function configure_cinder() {
|
||||
# Migrated from keystone_data.sh
|
||||
create_cinder_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
# Cinder
|
||||
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
||||
CINDER_USER=$(keystone user-create \
|
||||
--name=cinder \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=cinder@example.com \
|
||||
CINDER_USER=$(openstack user create \
|
||||
cinder \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email cinder@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $CINDER_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $CINDER_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
CINDER_SERVICE=$(keystone service-create \
|
||||
--name=cinder \
|
||||
CINDER_SERVICE=$(openstack service create \
|
||||
cinder \
|
||||
--type=volume \
|
||||
--description="Cinder Volume Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$CINDER_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $CINDER_SERVICE \
|
||||
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
||||
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
||||
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
|
||||
CINDER_V2_SERVICE=$(keystone service-create \
|
||||
--name=cinderv2 \
|
||||
CINDER_V2_SERVICE=$(openstack service create \
|
||||
cinderv2 \
|
||||
--type=volumev2 \
|
||||
--description="Cinder Volume Service V2" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$CINDER_V2_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $CINDER_V2_SERVICE \
|
||||
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
|
||||
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
30
lib/ironic
30
lib/ironic
@ -145,30 +145,30 @@ function create_ironic_cache_dir() {
|
||||
# service ironic admin # if enabled
|
||||
create_ironic_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
# Ironic
|
||||
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
|
||||
IRONIC_USER=$(keystone user-create \
|
||||
--name=ironic \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=ironic@example.com \
|
||||
IRONIC_USER=$(openstack user create \
|
||||
ironic \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email ironic@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user_id $IRONIC_USER \
|
||||
--role_id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $IRONIC_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
IRONIC_SERVICE=$(keystone service-create \
|
||||
--name=ironic \
|
||||
IRONIC_SERVICE=$(openstack service create \
|
||||
ironic \
|
||||
--type=baremetal \
|
||||
--description="Ironic baremetal provisioning service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$IRONIC_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $IRONIC_SERVICE \
|
||||
--publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
||||
--adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
||||
--internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
|
||||
|
67
lib/keystone
67
lib/keystone
@ -275,60 +275,69 @@ function configure_keystone() {
|
||||
create_keystone_accounts() {
|
||||
|
||||
# admin
|
||||
ADMIN_TENANT=$(keystone tenant-create \
|
||||
--name admin \
|
||||
ADMIN_TENANT=$(openstack project create \
|
||||
admin \
|
||||
| grep " id " | get_field 2)
|
||||
ADMIN_USER=$(keystone user-create \
|
||||
--name admin \
|
||||
--pass "$ADMIN_PASSWORD" \
|
||||
ADMIN_USER=$(openstack user create \
|
||||
admin \
|
||||
--project "$ADMIN_TENANT" \
|
||||
--email admin@example.com \
|
||||
--password "$ADMIN_PASSWORD" \
|
||||
| grep " id " | get_field 2)
|
||||
ADMIN_ROLE=$(keystone role-create \
|
||||
--name admin \
|
||||
ADMIN_ROLE=$(openstack role create \
|
||||
admin \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--user-id $ADMIN_USER \
|
||||
--role-id $ADMIN_ROLE \
|
||||
--tenant-id $ADMIN_TENANT
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $ADMIN_TENANT \
|
||||
--user $ADMIN_USER
|
||||
|
||||
# service
|
||||
SERVICE_TENANT=$(keystone tenant-create \
|
||||
--name $SERVICE_TENANT_NAME \
|
||||
SERVICE_TENANT=$(openstack project create \
|
||||
$SERVICE_TENANT_NAME \
|
||||
| grep " id " | get_field 2)
|
||||
|
||||
# The Member role is used by Horizon and Swift so we need to keep it:
|
||||
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
|
||||
MEMBER_ROLE=$(openstack role create \
|
||||
Member \
|
||||
| grep " id " | get_field 2)
|
||||
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
|
||||
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
|
||||
ANOTHER_ROLE=$(keystone role-create --name=anotherrole | grep " id " | get_field 2)
|
||||
ANOTHER_ROLE=$(openstack role create \
|
||||
anotherrole \
|
||||
| grep " id " | get_field 2)
|
||||
|
||||
# invisible tenant - admin can't see this one
|
||||
INVIS_TENANT=$(keystone tenant-create --name=invisible_to_admin | grep " id " | get_field 2)
|
||||
INVIS_TENANT=$(openstack project create \
|
||||
invisible_to_admin \
|
||||
| grep " id " | get_field 2)
|
||||
|
||||
# demo
|
||||
DEMO_TENANT=$(keystone tenant-create \
|
||||
--name=demo \
|
||||
DEMO_TENANT=$(openstack project create \
|
||||
demo \
|
||||
| grep " id " | get_field 2)
|
||||
DEMO_USER=$(keystone user-create \
|
||||
--name demo \
|
||||
--pass "$ADMIN_PASSWORD" \
|
||||
DEMO_USER=$(openstack user create \
|
||||
demo \
|
||||
--project $DEMO_TENANT \
|
||||
--email demo@example.com \
|
||||
--password "$ADMIN_PASSWORD" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT
|
||||
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
|
||||
keystone user-role-add --user-id $DEMO_USER --role-id $ANOTHER_ROLE --tenant-id $DEMO_TENANT
|
||||
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
|
||||
|
||||
openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE
|
||||
openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE
|
||||
openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE
|
||||
openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE
|
||||
|
||||
# Keystone
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
KEYSTONE_SERVICE=$(keystone service-create \
|
||||
--name keystone \
|
||||
KEYSTONE_SERVICE=$(openstack service create \
|
||||
keystone \
|
||||
--type identity \
|
||||
--description "Keystone Identity Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$KEYSTONE_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $KEYSTONE_SERVICE \
|
||||
--publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
|
||||
--adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
|
||||
--internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
|
||||
|
30
lib/marconi
30
lib/marconi
@ -151,27 +151,29 @@ function stop_marconi() {
|
||||
}
|
||||
|
||||
function create_marconi_accounts() {
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
MARCONI_USER=$(get_id keystone user-create --name=marconi \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=marconi@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add --tenant-id $SERVICE_TENANT \
|
||||
--user-id $MARCONI_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
MARCONI_USER=$(openstack user create \
|
||||
marconi \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email marconi@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $MARCONI_USER
|
||||
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
MARCONI_SERVICE=$(keystone service-create \
|
||||
--name=marconi \
|
||||
MARCONI_SERVICE=$(openstack service create \
|
||||
marconi \
|
||||
--type=queuing \
|
||||
--description="Marconi Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$MARCONI_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $MARCONI_SERVICE \
|
||||
--publicurl "http://$SERVICE_HOST:8888" \
|
||||
--adminurl "http://$SERVICE_HOST:8888" \
|
||||
--internalurl "http://$SERVICE_HOST:8888"
|
||||
|
32
lib/neutron
32
lib/neutron
@ -332,29 +332,29 @@ function create_neutron_cache_dir() {
|
||||
# Migrated from keystone_data.sh
|
||||
function create_neutron_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
|
||||
NEUTRON_USER=$(keystone user-create \
|
||||
--name=neutron \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=neutron@example.com \
|
||||
NEUTRON_USER=$(openstack user create \
|
||||
neutron \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email neutron@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $NEUTRON_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $NEUTRON_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
NEUTRON_SERVICE=$(keystone service-create \
|
||||
--name=neutron \
|
||||
NEUTRON_SERVICE=$(openstack service create \
|
||||
neutron \
|
||||
--type=network \
|
||||
--description="Neutron Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$NEUTRON_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $NEUTRON_SERVICE \
|
||||
--publicurl "http://$SERVICE_HOST:9696/" \
|
||||
--adminurl "http://$SERVICE_HOST:9696/" \
|
||||
--internalurl "http://$SERVICE_HOST:9696/"
|
||||
@ -363,7 +363,7 @@ function create_neutron_accounts() {
|
||||
}
|
||||
|
||||
function create_neutron_initial_network() {
|
||||
TENANT_ID=$(keystone tenant-list | grep " demo " | get_field 1)
|
||||
TENANT_ID=$(openstack project list | grep " demo " | get_field 1)
|
||||
die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo"
|
||||
|
||||
# Create a small network
|
||||
|
38
lib/nova
38
lib/nova
@ -324,41 +324,41 @@ function configure_nova() {
|
||||
# Migrated from keystone_data.sh
|
||||
create_nova_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
# Nova
|
||||
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
||||
NOVA_USER=$(keystone user-create \
|
||||
--name=nova \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=nova@example.com \
|
||||
NOVA_USER=$(openstack user create \
|
||||
nova \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email nova@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $NOVA_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $NOVA_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
NOVA_SERVICE=$(keystone service-create \
|
||||
--name=nova \
|
||||
NOVA_SERVICE=$(openstack service create \
|
||||
nova \
|
||||
--type=compute \
|
||||
--description="Nova Compute Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$NOVA_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $NOVA_SERVICE \
|
||||
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
|
||||
NOVA_V3_SERVICE=$(keystone service-create \
|
||||
--name=novav3 \
|
||||
NOVA_V3_SERVICE=$(openstack service create \
|
||||
novav3 \
|
||||
--type=computev3 \
|
||||
--description="Nova Compute Service V3" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$NOVA_V3_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $NOVA_V3_SERVICE \
|
||||
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
||||
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
||||
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
|
||||
|
30
lib/savanna
30
lib/savanna
@ -54,29 +54,29 @@ TEMPEST_SERVICES+=,savanna
|
||||
# service savanna admin
|
||||
function create_savanna_accounts() {
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
SAVANNA_USER=$(keystone user-create \
|
||||
--name=savanna \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=savanna@example.com \
|
||||
SAVANNA_USER=$(openstack user create \
|
||||
savanna \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email savanna@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $SAVANNA_USER \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $SAVANNA_USER
|
||||
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
SAVANNA_SERVICE=$(keystone service-create \
|
||||
--name=savanna \
|
||||
SAVANNA_SERVICE=$(openstack service create \
|
||||
savanna \
|
||||
--type=data_processing \
|
||||
--description="Savanna Data Processing" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$SAVANNA_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $SAVANNA_SERVICE \
|
||||
--publicurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
||||
--adminurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
||||
--internalurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s"
|
||||
|
48
lib/swift
48
lib/swift
@ -527,39 +527,53 @@ function create_swift_accounts() {
|
||||
|
||||
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
|
||||
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
SWIFT_USER=$(keystone user-create --name=swift --pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT --email=swift@example.com | grep " id " | get_field 2)
|
||||
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE
|
||||
SWIFT_USER=$(openstack user create \
|
||||
swift \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email=swift@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
openstack role add \
|
||||
$ADMIN_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $SWIFT_USER
|
||||
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
SWIFT_SERVICE=$(keystone service-create --name=swift --type="object-store" \
|
||||
--description="Swift Service" | grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
SWIFT_SERVICE=$(openstack service create \
|
||||
swift \
|
||||
--type="object-store" \
|
||||
--description="Swift Service" \
|
||||
| grep " id " | get_field 2)
|
||||
openstack endpoint create \
|
||||
$SWIFT_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $SWIFT_SERVICE \
|
||||
--publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
|
||||
--adminurl "http://$SERVICE_HOST:8080" \
|
||||
--internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
|
||||
fi
|
||||
|
||||
SWIFT_TENANT_TEST1=$(keystone tenant-create --name=swifttenanttest1 | grep " id " | get_field 2)
|
||||
SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2)
|
||||
die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1"
|
||||
SWIFT_USER_TEST1=$(keystone user-create --name=swiftusertest1 --pass=$SWIFTUSERTEST1_PASSWORD --email=test@example.com | grep " id " | get_field 2)
|
||||
SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \
|
||||
--project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2)
|
||||
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
|
||||
keystone user-role-add --user-id $SWIFT_USER_TEST1 --role-id $ADMIN_ROLE --tenant-id $SWIFT_TENANT_TEST1
|
||||
openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE
|
||||
|
||||
SWIFT_USER_TEST3=$(keystone user-create --name=swiftusertest3 --pass=$SWIFTUSERTEST3_PASSWORD --email=test3@example.com | grep " id " | get_field 2)
|
||||
SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \
|
||||
--project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2)
|
||||
die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3"
|
||||
keystone user-role-add --user-id $SWIFT_USER_TEST3 --role-id $ANOTHER_ROLE --tenant-id $SWIFT_TENANT_TEST1
|
||||
openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE
|
||||
|
||||
SWIFT_TENANT_TEST2=$(keystone tenant-create --name=swifttenanttest2 | grep " id " | get_field 2)
|
||||
SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2)
|
||||
die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2"
|
||||
SWIFT_USER_TEST2=$(keystone user-create --name=swiftusertest2 --pass=$SWIFTUSERTEST2_PASSWORD --email=test2@example.com | grep " id " | get_field 2)
|
||||
|
||||
SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \
|
||||
--project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2)
|
||||
die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2"
|
||||
keystone user-role-add --user-id $SWIFT_USER_TEST2 --role-id $ADMIN_ROLE --tenant-id $SWIFT_TENANT_TEST2
|
||||
openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE
|
||||
}
|
||||
|
||||
# init_swift() - Initialize rings
|
||||
|
29
lib/trove
29
lib/trove
@ -71,28 +71,29 @@ function setup_trove_logging() {
|
||||
|
||||
create_trove_accounts() {
|
||||
# Trove
|
||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
SERVICE_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||
SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||
|
||||
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
||||
TROVE_USER=$(keystone user-create \
|
||||
--name=trove \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--email=trove@example.com \
|
||||
TROVE_USER=$(openstack user create \
|
||||
trove \
|
||||
--password "$SERVICE_PASSWORD" \
|
||||
--project $SERVICE_TENANT \
|
||||
--email trove@example.com \
|
||||
| grep " id " | get_field 2)
|
||||
keystone user-role-add --tenant-id $SERVICE_TENANT \
|
||||
--user-id $TROVE_USER \
|
||||
--role-id $SERVICE_ROLE
|
||||
openstack role add \
|
||||
$SERVICE_ROLE \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $TROVE_USER
|
||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||
TROVE_SERVICE=$(keystone service-create \
|
||||
--name=trove \
|
||||
TROVE_SERVICE=$(openstack service create
|
||||
trove \
|
||||
--type=database \
|
||||
--description="Trove Service" \
|
||||
| grep " id " | get_field 2)
|
||||
keystone endpoint-create \
|
||||
openstack endpoint create \
|
||||
$TROVE_SERVICE \
|
||||
--region RegionOne \
|
||||
--service_id $TROVE_SERVICE \
|
||||
--publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
||||
--adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
||||
--internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
|
||||
|
4
stack.sh
4
stack.sh
@ -925,6 +925,9 @@ if is_service_enabled key; then
|
||||
# Do the keystone-specific bits from keystone_data.sh
|
||||
export OS_SERVICE_TOKEN=$SERVICE_TOKEN
|
||||
export OS_SERVICE_ENDPOINT=$SERVICE_ENDPOINT
|
||||
# Add temporarily to make openstackclient work
|
||||
export OS_TOKEN=$SERVICE_TOKEN
|
||||
export OS_URL=$SERVICE_ENDPOINT
|
||||
create_keystone_accounts
|
||||
create_nova_accounts
|
||||
create_cinder_accounts
|
||||
@ -947,6 +950,7 @@ if is_service_enabled key; then
|
||||
bash -x $FILES/keystone_data.sh
|
||||
|
||||
# Set up auth creds now that keystone is bootstrapped
|
||||
unset OS_TOKEN OS_URL
|
||||
export OS_AUTH_URL=$SERVICE_ENDPOINT
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
|
Loading…
x
Reference in New Issue
Block a user