From 4b115ad526df7e12bbdc71e0280b3c691e53ed04 Mon Sep 17 00:00:00 2001
From: Jamie Lennox
Date: Fri, 29 May 2015 08:36:40 +0000
Subject: [PATCH] Convert identity defaults to keystone v3 api

At this point all our function calls should be using the V3 APIs anyway so switch the authentication credentials to v3 compatible ones and remove all the hacks we added to force v3 API calls.

Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
---
 functions-common | 35 ++++-------------------------------
 stack.sh | 15 ++++++++-------
 2 files changed, 12 insertions(+), 38 deletions(-)

diff --git a/functions-common b/functions-common
index 641eca8362..cc5136da56 100644
--- a/functions-common
+++ b/functions-common
@@ -687,16 +687,13 @@ function policy_add {
 # Usage: get_or_create_domain
 function get_or_create_domain {
 local domain_id
- local os_url="$KEYSTONE_SERVICE_URI_V3"
 # Gets domain id
 domain_id=$(
 # Gets domain id
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain show $1 \
+ openstack domain show $1 \
 -f value -c id 2>/dev/null ||
 # Creates new domain
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain create $1 \
+ openstack domain create $1 \
 --description "$2" \
 -f value -c id
 )
@@ -707,13 +704,11 @@ function get_or_create_domain {
 # Usage: get_or_create_group []
 function get_or_create_group {
 local desc="${3:-}"
- local os_url="$KEYSTONE_SERVICE_URI_V3"
 local group_id
 # Gets group id
 group_id=$(
 # Creates new group with --or-show
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 group create $1 \
+ openstack group create $1 \
 --domain $2 --description "$desc" --or-show \
 -f value -c id
 )
@@ -735,8 +730,6 @@ function get_or_create_user {
 openstack user create \
 $1 \
 --password "$2" \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --domain=$3 \
 $email \
 --or-show \
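Review bot: With the explicit `--os-token`/`--os-url`/`--os-identity-api-version=3` flags gone, `openstack domain show $1` in get_or_create_domain authenticates with whatever OS_* variables the caller has exported, and the `2>/dev/null ||` after it turns any failure, including an authentication or endpoint error, into a `domain create` attempt. The header comment should state the new precondition, for example `# Requires identity v3 credentials in the environment (OS_IDENTITY_API_VERSION=3 plus token or password auth)`. Consider keeping stderr from the lookup in the log so a misconfigured credential set is visible rather than masked. The function body continues past the end of the hunk.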
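Review bot: The rewritten command in get_or_create_group passes the name unquoted, `openstack group create $1 \`, so a name containing whitespace or glob characters is split or expanded before the client sees it, while `--description "$desc"` on the next line is quoted. Write `openstack group create "$1" \` and likewise quote `--domain "$2"`. The same applies to the new `openstack domain show $1` / `openstack domain create $1` lines in get_or_create_domain and to `openstack project create $1` in get_or_create_project.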
@@ -751,9 +744,7 @@ function get_or_create_project {
 local project_id
 project_id=$(
 # Creates new project with --or-show
- openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
- project create $1 \
+ openstack project create $1 \
 --domain=$2 \
 --or-show -f value -c id
 )
@@ -767,8 +758,6 @@ function get_or_create_role {
 role_id=$(
 # Creates role with --or-show
 openstack role create $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --or-show -f value -c id
 )
 echo $role_id
@@ -781,8 +770,6 @@ function get_or_add_user_project_role {
 # Gets user role id
 user_role_id=$(openstack role list \
 --user $2 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --column "ID" \
 --project $3 \
 --column "Name" \
@@ -793,8 +780,6 @@ function get_or_add_user_project_role {
 $1 \
 --user $2 \
 --project $3 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 | grep " id " | get_field 2)
 fi
 echo $user_role_id
@@ -806,21 +791,15 @@ function get_or_add_group_project_role {
 local group_role_id
 # Gets group role id
 group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --group $2 \
 --project $3 \
 -c "ID" -f value)
 if [[ -z "$group_role_id" ]]; then
 # Adds role to group and get it
 openstack role add $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --group $2 \
 --project $3
 group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 --group $2 \
 --project $3 \
 -c "ID" -f value)
@@ -838,8 +817,6 @@ function get_or_create_service {
 openstack service show $2 -f value -c id 2>/dev/null ||
 # Creates new service if not exists
 openstack service create \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
 $2 \
 --name $1 \
 --description="$3" \
@@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface { # gets support for this, the check for the region name can be removed. # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 endpoint_id=$(openstack endpoint list \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --service $1 \ --interface $2 \ --region $4 \ @@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface { if [[ -z "$endpoint_id" ]]; then # Creates new endpoint endpoint_id=$(openstack endpoint create \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ $1 $2 $3 --region $4 -f value -c id) fi diff --git a/stack.sh b/stack.sh index cc8bc8c88f..fa2e490704 100755 --- a/stack.sh +++ b/stack.sh @@ -987,13 +987,15 @@ if is_service_enabled keystone; then start_keystone fi + export OS_IDENTITY_API_VERSION=3 + # Set up a temporary admin URI for Keystone - SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 + SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3 if is_service_enabled tls-proxy; then export OS_CACERT=$INT_CA_DIR/ca-chain.pem # Until the client support is fixed, just use the internal endpoint - SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 + SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3 fi # Setup OpenStackClient token-endpoint auth @@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then # Begone token auth unset OS_TOKEN OS_URL - # force set to use v2 identity authentication even with v3 commands - export OS_AUTH_TYPE=v2password - # Set up password auth credentials now that Keystone is bootstrapped - export OS_AUTH_URL=$SERVICE_ENDPOINT - export OS_TENANT_NAME=admin + export OS_AUTH_URL=$KEYSTONE_AUTH_URI export OS_USERNAME=admin + export OS_USER_DOMAIN_ID=default export OS_PASSWORD=$ADMIN_PASSWORD + export OS_PROJECT_NAME=admin + export OS_PROJECT_DOMAIN_ID=default export OS_REGION_NAME=$REGION_NAME fi
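Review bot: In the tls-proxy branch the changed line still builds the bootstrap endpoint as plain HTTP, `SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3`, even though `OS_CACERT` is exported just above it. The comment that follows suggests this endpoint is used for token-endpoint auth, so the admin bootstrap token would presumably travel unencrypted to the internal port; that is acceptable only if that port is bound to loopback or a trusted network. Since the line is being touched for v3 anyway, extend the existing comment to say so, e.g. `# Plain HTTP on the internal port: bootstrap token is sent in clear, keep this listener off untrusted interfaces`, and note which client fix would allow removing the workaround. The enclosing `if is_service_enabled keystone` block starts before this hunk.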
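Review bot: `export OS_AUTH_URL=$KEYSTONE_AUTH_URI` no longer derives from `SERVICE_ENDPOINT`, so with tls-proxy enabled password auth now goes to `$KEYSTONE_AUTH_URI` instead of the internal HTTP endpoint the earlier workaround selected. If that is intended, say so in the comment above the exports, and mention that the URL is unversioned and relies on `OS_IDENTITY_API_VERSION=3` exported earlier in this block. The hunk also stops exporting `OS_TENANT_NAME` and `OS_AUTH_TYPE` without clearing them; if either can be inherited from the caller's environment (not visible here), extending the existing line to `unset OS_TOKEN OS_URL OS_TENANT_NAME OS_AUTH_TYPE` keeps stale v2 settings from mixing with the v3 credentials.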