diff --git a/functions-common b/functions-common index 641eca8362..cc5136da56 100644 --- a/functions-common +++ b/functions-common @@ -687,16 +687,13 @@ function policy_add { # Usage: get_or_create_domain function get_or_create_domain { local domain_id - local os_url="$KEYSTONE_SERVICE_URI_V3" # Gets domain id domain_id=$( # Gets domain id - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 domain show $1 \ + openstack domain show $1 \ -f value -c id 2>/dev/null || # Creates new domain - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 domain create $1 \ + openstack domain create $1 \ --description "$2" \ -f value -c id ) @@ -707,13 +704,11 @@ function get_or_create_domain { # Usage: get_or_create_group [] function get_or_create_group { local desc="${3:-}" - local os_url="$KEYSTONE_SERVICE_URI_V3" local group_id # Gets group id group_id=$( # Creates new group with --or-show - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 group create $1 \ + openstack group create $1 \ --domain $2 --description "$desc" --or-show \ -f value -c id ) @@ -735,8 +730,6 @@ function get_or_create_user { openstack user create \ $1 \ --password "$2" \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --domain=$3 \ $email \ --or-show \ @@ -751,9 +744,7 @@ function get_or_create_project { local project_id project_id=$( # Creates new project with --or-show - openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ - project create $1 \ + openstack project create $1 \ --domain=$2 \ --or-show -f value -c id ) @@ -767,8 +758,6 @@ function get_or_create_role { role_id=$( # Creates role with --or-show openstack role create $1 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --or-show -f value -c id ) echo $role_id @@ -781,8 +770,6 @@ function get_or_add_user_project_role { # Gets user role id user_role_id=$(openstack role list \ --user $2 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --column "ID" \ --project $3 \ --column "Name" \ @@ -793,8 +780,6 @@ function get_or_add_user_project_role { $1 \ --user $2 \ --project $3 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ | grep " id " | get_field 2) fi echo $user_role_id @@ -806,21 +791,15 @@ function get_or_add_group_project_role { local group_role_id # Gets group role id group_role_id=$(openstack role list \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 \ -c "ID" -f value) if [[ -z "$group_role_id" ]]; then # Adds role to group and get it openstack role add $1 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 group_role_id=$(openstack role list \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 \ -c "ID" -f value) @@ -838,8 +817,6 @@ function get_or_create_service { openstack service show $2 -f value -c id 2>/dev/null || # Creates new service if not exists openstack service create \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ $2 \ --name $1 \ --description="$3" \ @@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface { # gets support for this, the check for the region name can be removed. # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 endpoint_id=$(openstack endpoint list \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --service $1 \ --interface $2 \ --region $4 \ @@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface { if [[ -z "$endpoint_id" ]]; then # Creates new endpoint endpoint_id=$(openstack endpoint create \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ $1 $2 $3 --region $4 -f value -c id) fi diff --git a/stack.sh b/stack.sh index cc8bc8c88f..fa2e490704 100755 --- a/stack.sh +++ b/stack.sh @@ -987,13 +987,15 @@ if is_service_enabled keystone; then start_keystone fi + export OS_IDENTITY_API_VERSION=3 + # Set up a temporary admin URI for Keystone - SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 + SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3 if is_service_enabled tls-proxy; then export OS_CACERT=$INT_CA_DIR/ca-chain.pem # Until the client support is fixed, just use the internal endpoint - SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 + SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3 fi # Setup OpenStackClient token-endpoint auth @@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then # Begone token auth unset OS_TOKEN OS_URL - # force set to use v2 identity authentication even with v3 commands - export OS_AUTH_TYPE=v2password - # Set up password auth credentials now that Keystone is bootstrapped - export OS_AUTH_URL=$SERVICE_ENDPOINT - export OS_TENANT_NAME=admin + export OS_AUTH_URL=$KEYSTONE_AUTH_URI export OS_USERNAME=admin + export OS_USER_DOMAIN_ID=default export OS_PASSWORD=$ADMIN_PASSWORD + export OS_PROJECT_NAME=admin + export OS_PROJECT_DOMAIN_ID=default export OS_REGION_NAME=$REGION_NAME fi