Revert "Move default Keystone API version to v3"
It seems like the fallout from this was not well sorted. A lot of things aren't working, and there is still vestigial v2 bits left behind. This should have come with a much greater warning and some spot checking of additional services working with this. This reverts commit b162a1d58cdecfb32847b59bd341e06c26efb1ed. Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
This commit is contained in:
parent
b162a1d58c
commit
74b91c3eaf
@ -205,7 +205,7 @@ function configure_glance {
|
|||||||
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
|
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
|
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
|
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
|
||||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
|
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
|
||||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
|
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
|
||||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
|
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
|
||||||
|
2
lib/heat
2
lib/heat
@ -167,7 +167,7 @@ function configure_heat {
|
|||||||
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
|
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
|
||||||
|
|
||||||
# ec2authtoken
|
# ec2authtoken
|
||||||
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3
|
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
||||||
|
|
||||||
# OpenStack API
|
# OpenStack API
|
||||||
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
|
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
|
||||||
|
@ -47,7 +47,7 @@ function configure_nova_hypervisor {
|
|||||||
# ironic section
|
# ironic section
|
||||||
iniset $NOVA_CONF ironic admin_username admin
|
iniset $NOVA_CONF ironic admin_username admin
|
||||||
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
|
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
|
||||||
iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3
|
iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
|
||||||
iniset $NOVA_CONF ironic admin_tenant_name demo
|
iniset $NOVA_CONF ironic admin_tenant_name demo
|
||||||
iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
|
iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
|
||||||
}
|
}
|
||||||
|
@ -259,7 +259,6 @@ function configure_tempest {
|
|||||||
# Identity
|
# Identity
|
||||||
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
|
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
|
||||||
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
|
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
|
||||||
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
|
|
||||||
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
|
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
|
||||||
iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
|
iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
|
||||||
iniset $TEMPEST_CONFIG auth admin_password "$password"
|
iniset $TEMPEST_CONFIG auth admin_password "$password"
|
||||||
@ -270,6 +269,10 @@ function configure_tempest {
|
|||||||
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
|
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
|
||||||
# Only Identity v3 is available; then skip Identity API v2 tests
|
# Only Identity v3 is available; then skip Identity API v2 tests
|
||||||
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
|
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
|
||||||
|
# In addition, use v3 auth tokens for running all Tempest tests
|
||||||
|
iniset $TEMPEST_CONFIG identity auth_version v3
|
||||||
|
else
|
||||||
|
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||||
|
11
openrc
11
openrc
@ -77,22 +77,15 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
|
|||||||
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
||||||
|
|
||||||
# Identity API version
|
# Identity API version
|
||||||
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
|
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
||||||
|
|
||||||
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
|
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
|
||||||
# and **Service Catalog**. The catalog contains the endpoints for all services
|
# and **Service Catalog**. The catalog contains the endpoints for all services
|
||||||
# the user/tenant has access to - including nova, glance, keystone, swift, ...
|
# the user/tenant has access to - including nova, glance, keystone, swift, ...
|
||||||
# We currently recommend using the version 3 *identity api*.
|
# We currently recommend using the 2.0 *identity api*.
|
||||||
#
|
#
|
||||||
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
||||||
|
|
||||||
# Currently, in order to use openstackclient with Identity API v3,
|
|
||||||
# we need to set the domain which the user and project belong to.
|
|
||||||
if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
|
|
||||||
export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
|
|
||||||
export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set OS_CACERT to a default CA certificate chain if it exists.
|
# Set OS_CACERT to a default CA certificate chain if it exists.
|
||||||
if [[ ! -v OS_CACERT ]] ; then
|
if [[ ! -v OS_CACERT ]] ; then
|
||||||
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
||||||
|
2
stackrc
2
stackrc
@ -130,7 +130,7 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Configure Identity API version: 2.0, 3
|
# Configure Identity API version: 2.0, 3
|
||||||
IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
|
IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
||||||
|
|
||||||
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
|
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
|
||||||
# deployment will be deploying the Identity v2 pipelines. If this option is set
|
# deployment will be deploying the Identity v2 pipelines. If this option is set
|
||||||
|
@ -133,7 +133,7 @@ if [ -z "$OS_USERNAME" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$OS_AUTH_URL" ]; then
|
if [ -z "$OS_AUTH_URL" ]; then
|
||||||
export OS_AUTH_URL=http://localhost:5000/v3/
|
export OS_AUTH_URL=http://localhost:5000/v2.0/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
|
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
|
||||||
@ -236,7 +236,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key"
|
|||||||
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
|
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
|
||||||
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
|
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
|
||||||
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
|
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
|
||||||
export OS_AUTH_TYPE=v3password
|
export OS_AUTH_TYPE=v2password
|
||||||
EOF
|
EOF
|
||||||
if [ -n "$ADDPASS" ]; then
|
if [ -n "$ADDPASS" ]; then
|
||||||
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
|
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
|
||||||
|
Loading…
x
Reference in New Issue
Block a user