From 32c00890ed5f296ccb829196accfb437dbed8f6f Mon Sep 17 00:00:00 2001 From: Jens Harbott Date: Wed, 10 Apr 2019 10:33:39 +0000 Subject: [PATCH] Prepare for dropping keystone admin endpoint Keystone no longer has any special functionality hidden behind the admin endpoint. Stop referencing it in consumers, so it can later be dropped completely. Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2 --- functions-common | 2 +- lib/glance | 5 ++--- lib/keystone | 4 ++-- lib/neutron-legacy | 2 +- lib/nova_plugins/hypervisor-ironic | 2 +- lib/swift | 2 +- openrc | 4 ++-- stack.sh | 2 +- 8 files changed, 11 insertions(+), 12 deletions(-) diff --git a/functions-common b/functions-common index dea5aa93a8..6595c3de53 100644 --- a/functions-common +++ b/functions-common @@ -47,7 +47,7 @@ KILL_PATH="$(which kill)" # Save these variables to .stackenv STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \ - KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \ + KEYSTONE_SERVICE_URI \ LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \ HOST_IPV6 SERVICE_IP_VERSION" diff --git a/lib/glance b/lib/glance index 4fa1b6a4e3..6d252e317c 100644 --- a/lib/glance +++ b/lib/glance @@ -208,8 +208,7 @@ function configure_glance { if is_service_enabled tls-proxy; then iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT - - iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI + iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI fi # Format logging @@ -221,7 +220,7 @@ function configure_glance { iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ - iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI + iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD diff --git a/lib/keystone b/lib/keystone index 1910f348b7..d4c7b063bb 100644 --- a/lib/keystone +++ b/lib/keystone @@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI # V3 URIs -KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 +KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3 KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3 # Security compliance @@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware { local section=${3:-keystone_authtoken} iniset $conf_file $section auth_type password + iniset $conf_file $section interface public iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI iniset $conf_file $section username $admin_user iniset $conf_file $section password $SERVICE_PASSWORD @@ -561,7 +562,6 @@ function stop_keystone { # - ``KEYSTONE_BIN_DIR`` # - ``ADMIN_PASSWORD`` # - ``IDENTITY_API_VERSION`` -# - ``KEYSTONE_AUTH_URI`` # - ``REGION_NAME`` # - ``KEYSTONE_SERVICE_PROTOCOL`` # - ``KEYSTONE_SERVICE_HOST`` diff --git a/lib/neutron-legacy b/lib/neutron-legacy index bb1536aa9c..5e4251f9f6 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -372,7 +372,7 @@ function configure_mutnauq { function create_nova_conf_neutron { local conf=${1:-$NOVA_CONF} iniset $conf neutron auth_type "password" - iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI" + iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" iniset $conf neutron username "$Q_ADMIN_USERNAME" iniset $conf neutron password "$SERVICE_PASSWORD" iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic index b147c4327a..bda6ef6998 100644 --- a/lib/nova_plugins/hypervisor-ironic +++ b/lib/nova_plugins/hypervisor-ironic @@ -46,7 +46,7 @@ function configure_nova_hypervisor { iniset $NOVA_CONF ironic auth_type password iniset $NOVA_CONF ironic username admin iniset $NOVA_CONF ironic password $ADMIN_PASSWORD - iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI + iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI iniset $NOVA_CONF ironic project_domain_id default iniset $NOVA_CONF ironic user_domain_id default iniset $NOVA_CONF ironic project_name demo diff --git a/lib/swift b/lib/swift index 3c121ca6ec..a981dfc10a 100644 --- a/lib/swift +++ b/lib/swift @@ -527,7 +527,7 @@ function configure_swift { else iniset ${testfile} func_test auth_port 80 fi - iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI} + iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI} if [[ "$auth_vers" == "3" ]]; then iniset ${testfile} func_test auth_prefix /identity/v3/ else diff --git a/openrc b/openrc index 99d3351d53..beeaebea42 100644 --- a/openrc +++ b/openrc @@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password # If you don't have a working .stackenv, this is the backup position KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000 -KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP} +KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP} -export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI} +export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI} # Currently, in order to use openstackclient with Identity API v3, # we need to set the domain which the user and project belong to. diff --git a/stack.sh b/stack.sh index 709b97b0ef..37e75185f1 100755 --- a/stack.sh +++ b/stack.sh @@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <