Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin endpoint. Stop referencing it in consumers, so it can later be dropped completely. Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
This commit is contained in:
Jens Harbott
parent
02da0c40f9
commit
32c00890ed
@ -47,7 +47,7 @@ KILL_PATH="$(which kill)"
|
|||||||
|
|
||||||
# Save these variables to .stackenv
|
# Save these variables to .stackenv
|
||||||
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
|
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
|
||||||
KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
|
KEYSTONE_SERVICE_URI \
|
||||||
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
|
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
|
||||||
HOST_IPV6 SERVICE_IP_VERSION"
|
HOST_IPV6 SERVICE_IP_VERSION"
|
||||||
|
|
||||||
|
|||||||
@ -208,8 +208,7 @@ function configure_glance {
|
|||||||
|
|
||||||
if is_service_enabled tls-proxy; then
|
if is_service_enabled tls-proxy; then
|
||||||
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
|
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
|
||||||
|
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI
|
||||||
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Format logging
|
# Format logging
|
||||||
@ -221,7 +220,7 @@ function configure_glance {
|
|||||||
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
|
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI
|
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
|
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
|
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
|
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
|
||||||
|
|||||||
@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide
|
|||||||
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
|
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
|
||||||
|
|
||||||
# V3 URIs
|
# V3 URIs
|
||||||
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
|
KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3
|
||||||
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
|
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
|
||||||
|
|
||||||
# Security compliance
|
# Security compliance
|
||||||
@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware {
|
|||||||
local section=${3:-keystone_authtoken}
|
local section=${3:-keystone_authtoken}
|
||||||
|
|
||||||
iniset $conf_file $section auth_type password
|
iniset $conf_file $section auth_type password
|
||||||
|
iniset $conf_file $section interface public
|
||||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||||
iniset $conf_file $section username $admin_user
|
iniset $conf_file $section username $admin_user
|
||||||
iniset $conf_file $section password $SERVICE_PASSWORD
|
iniset $conf_file $section password $SERVICE_PASSWORD
|
||||||
@ -561,7 +562,6 @@ function stop_keystone {
|
|||||||
# - ``KEYSTONE_BIN_DIR``
|
# - ``KEYSTONE_BIN_DIR``
|
||||||
# - ``ADMIN_PASSWORD``
|
# - ``ADMIN_PASSWORD``
|
||||||
# - ``IDENTITY_API_VERSION``
|
# - ``IDENTITY_API_VERSION``
|
||||||
# - ``KEYSTONE_AUTH_URI``
|
|
||||||
# - ``REGION_NAME``
|
# - ``REGION_NAME``
|
||||||
# - ``KEYSTONE_SERVICE_PROTOCOL``
|
# - ``KEYSTONE_SERVICE_PROTOCOL``
|
||||||
# - ``KEYSTONE_SERVICE_HOST``
|
# - ``KEYSTONE_SERVICE_HOST``
|
||||||
|
|||||||
@ -372,7 +372,7 @@ function configure_mutnauq {
|
|||||||
function create_nova_conf_neutron {
|
function create_nova_conf_neutron {
|
||||||
local conf=${1:-$NOVA_CONF}
|
local conf=${1:-$NOVA_CONF}
|
||||||
iniset $conf neutron auth_type "password"
|
iniset $conf neutron auth_type "password"
|
||||||
iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI"
|
iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
|
||||||
iniset $conf neutron username "$Q_ADMIN_USERNAME"
|
iniset $conf neutron username "$Q_ADMIN_USERNAME"
|
||||||
iniset $conf neutron password "$SERVICE_PASSWORD"
|
iniset $conf neutron password "$SERVICE_PASSWORD"
|
||||||
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
|
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||||
|
|||||||
@ -46,7 +46,7 @@ function configure_nova_hypervisor {
|
|||||||
iniset $NOVA_CONF ironic auth_type password
|
iniset $NOVA_CONF ironic auth_type password
|
||||||
iniset $NOVA_CONF ironic username admin
|
iniset $NOVA_CONF ironic username admin
|
||||||
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
|
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
|
||||||
iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI
|
iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI
|
||||||
iniset $NOVA_CONF ironic project_domain_id default
|
iniset $NOVA_CONF ironic project_domain_id default
|
||||||
iniset $NOVA_CONF ironic user_domain_id default
|
iniset $NOVA_CONF ironic user_domain_id default
|
||||||
iniset $NOVA_CONF ironic project_name demo
|
iniset $NOVA_CONF ironic project_name demo
|
||||||
|
|||||||
@ -527,7 +527,7 @@ function configure_swift {
|
|||||||
else
|
else
|
||||||
iniset ${testfile} func_test auth_port 80
|
iniset ${testfile} func_test auth_port 80
|
||||||
fi
|
fi
|
||||||
iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI}
|
iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI}
|
||||||
if [[ "$auth_vers" == "3" ]]; then
|
if [[ "$auth_vers" == "3" ]]; then
|
||||||
iniset ${testfile} func_test auth_prefix /identity/v3/
|
iniset ${testfile} func_test auth_prefix /identity/v3/
|
||||||
else
|
else
|
||||||
|
|||||||
4
openrc
4
openrc
@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password
|
|||||||
|
|
||||||
# If you don't have a working .stackenv, this is the backup position
|
# If you don't have a working .stackenv, this is the backup position
|
||||||
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
|
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
|
||||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
|
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
|
||||||
|
|
||||||
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI}
|
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
|
||||||
|
|
||||||
# Currently, in order to use openstackclient with Identity API v3,
|
# Currently, in order to use openstackclient with Identity API v3,
|
||||||
# we need to set the domain which the user and project belong to.
|
# we need to set the domain which the user and project belong to.
|
||||||
|
|||||||
2
stack.sh
2
stack.sh
@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <<EOF
|
|||||||
|
|
||||||
# Set up password auth credentials now that Keystone is bootstrapped
|
# Set up password auth credentials now that Keystone is bootstrapped
|
||||||
export OS_IDENTITY_API_VERSION=3
|
export OS_IDENTITY_API_VERSION=3
|
||||||
export OS_AUTH_URL=$KEYSTONE_AUTH_URI
|
export OS_AUTH_URL=$KEYSTONE_SERVICE_URI
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
export OS_USER_DOMAIN_ID=default
|
export OS_USER_DOMAIN_ID=default
|
||||||
export OS_PASSWORD=$ADMIN_PASSWORD
|
export OS_PASSWORD=$ADMIN_PASSWORD
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user