openstack/devstack
Code Issues Proposed changes

Revert "Move default Keystone API version to v3"

Browse Source 
It seems like the fallout from this was not well sorted.
A lot of things aren't working, and there is still vestigial
v2 bits left behind.

This should have come with a much greater warning and some
spot checking of additional services working with this.

This reverts commit b162a1d58c.

Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
This commit is contained in:
Sean Dague 2016-02-01 14:58:20 +00:00
parent b162a1d58c
commit 74b91c3eaf
7 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/glance
View File

@ -205,7 +205,7 @@ function configure_glance {
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3 iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user

2
lib/heat
View File

@ -167,7 +167,7 @@ function configure_heat {
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
# ec2authtoken # ec2authtoken
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3 iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
# OpenStack API # OpenStack API
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT

2
lib/nova_plugins/hypervisor-ironic
View File

@ -47,7 +47,7 @@ function configure_nova_hypervisor {
# ironic section # ironic section
iniset $NOVA_CONF ironic admin_username admin iniset $NOVA_CONF ironic admin_username admin
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3 iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
iniset $NOVA_CONF ironic admin_tenant_name demo iniset $NOVA_CONF ironic admin_tenant_name demo
iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1 iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
} }

5
lib/tempest
View File

@ -259,7 +259,6 @@ function configure_tempest {
# Identity # Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/" iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3" iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
iniset $TEMPEST_CONFIG auth admin_password "$password" iniset $TEMPEST_CONFIG auth admin_password "$password"
@ -270,6 +269,10 @@ function configure_tempest {
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
# Only Identity v3 is available; then skip Identity API v2 tests # Only Identity v3 is available; then skip Identity API v2 tests
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
# In addition, use v3 auth tokens for running all Tempest tests
iniset $TEMPEST_CONFIG identity auth_version v3
else
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
fi fi
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then

11
openrc
View File

@ -77,22 +77,15 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST} KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Identity API version # Identity API version
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3} export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
# Authenticating against an OpenStack cloud using Keystone returns a **Token** # Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services # and **Service Catalog**. The catalog contains the endpoints for all services
# the user/tenant has access to - including nova, glance, keystone, swift, ... # the user/tenant has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the version 3 *identity api*. # We currently recommend using the 2.0 *identity api*.
# #
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION} export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
# Currently, in order to use openstackclient with Identity API v3,
# we need to set the domain which the user and project belong to.
if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
fi
# Set OS_CACERT to a default CA certificate chain if it exists. # Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem

2
stackrc
View File

@ -130,7 +130,7 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
fi fi
# Configure Identity API version: 2.0, 3 # Configure Identity API version: 2.0, 3
IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3} IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack # Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
# deployment will be deploying the Identity v2 pipelines. If this option is set # deployment will be deploying the Identity v2 pipelines. If this option is set

4
tools/create_userrc.sh
View File

@ -133,7 +133,7 @@ if [ -z "$OS_USERNAME" ]; then
fi fi
if [ -z "$OS_AUTH_URL" ]; then if [ -z "$OS_AUTH_URL" ]; then
export OS_AUTH_URL=http://localhost:5000/v3/ export OS_AUTH_URL=http://localhost:5000/v2.0/
fi fi
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
@ -236,7 +236,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key"
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id) export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem" export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem" export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
export OS_AUTH_TYPE=v3password export OS_AUTH_TYPE=v2password
EOF EOF
if [ -n "$ADDPASS" ]; then if [ -n "$ADDPASS" ]; then
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile" echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"