Replace TENANT => PROJECT phase 1
This replaces the use of TENANT variables with PROJECT ones during the initial setup. The openrc will still export an OS_TENANT_NAME because many tools (cinderclient, glanceclient among them) will not function without it. We warn when we do that. Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e
parent
80ea24cbbb
commit
7580a0c3e3
@ -64,7 +64,7 @@ VOL_NAME=${VOL_NAME:-ex-vol-bfv}
|
||||
# Launching a server
|
||||
# ==================
|
||||
|
||||
# List servers for tenant:
|
||||
# List servers for project:
|
||||
nova list
|
||||
|
||||
# Images
|
||||
|
@ -43,19 +43,19 @@ unset NOVA_URL
|
||||
unset NOVA_USERNAME
|
||||
|
||||
# Save the known variables for later
|
||||
export x_TENANT_NAME=$OS_TENANT_NAME
|
||||
export x_PROJECT_NAME=$OS_PROJECT_NAME
|
||||
export x_USERNAME=$OS_USERNAME
|
||||
export x_PASSWORD=$OS_PASSWORD
|
||||
export x_AUTH_URL=$OS_AUTH_URL
|
||||
|
||||
# Unset the usual variables to force argument processing
|
||||
unset OS_TENANT_NAME
|
||||
unset OS_PROJECT_NAME
|
||||
unset OS_USERNAME
|
||||
unset OS_PASSWORD
|
||||
unset OS_AUTH_URL
|
||||
|
||||
# Common authentication args
|
||||
TENANT_ARG="--os-tenant-name=$x_TENANT_NAME"
|
||||
PROJECT_ARG="--os-project-name=$x_PROJECT_NAME"
|
||||
ARGS="--os-username=$x_USERNAME --os-password=$x_PASSWORD --os-auth-url=$x_AUTH_URL"
|
||||
|
||||
# Set global return
|
||||
@ -68,7 +68,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
|
||||
STATUS_KEYSTONE="Skipped"
|
||||
else
|
||||
echo -e "\nTest Keystone"
|
||||
if openstack $TENANT_ARG $ARGS catalog show identity; then
|
||||
if openstack $PROJECT_ARG $ARGS catalog show identity; then
|
||||
STATUS_KEYSTONE="Succeeded"
|
||||
else
|
||||
STATUS_KEYSTONE="Failed"
|
||||
@ -87,7 +87,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
||||
else
|
||||
# Test OSAPI
|
||||
echo -e "\nTest Nova"
|
||||
if nova $TENANT_ARG $ARGS flavor-list; then
|
||||
if nova $PROJECT_ARG $ARGS flavor-list; then
|
||||
STATUS_NOVA="Succeeded"
|
||||
else
|
||||
STATUS_NOVA="Failed"
|
||||
@ -104,7 +104,7 @@ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
||||
STATUS_CINDER="Skipped"
|
||||
else
|
||||
echo -e "\nTest Cinder"
|
||||
if cinder $TENANT_ARG $ARGS list; then
|
||||
if cinder $PROJECT_ARG $ARGS list; then
|
||||
STATUS_CINDER="Succeeded"
|
||||
else
|
||||
STATUS_CINDER="Failed"
|
||||
@ -121,7 +121,7 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
||||
STATUS_GLANCE="Skipped"
|
||||
else
|
||||
echo -e "\nTest Glance"
|
||||
if openstack $TENANT_ARG $ARGS image list; then
|
||||
if openstack $PROJECT_ARG $ARGS image list; then
|
||||
STATUS_GLANCE="Succeeded"
|
||||
else
|
||||
STATUS_GLANCE="Failed"
|
||||
@ -138,7 +138,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" || "$ENABLED_SERVICES" =~ "s-proxy" ]]; the
|
||||
STATUS_SWIFT="Skipped"
|
||||
else
|
||||
echo -e "\nTest Swift"
|
||||
if swift $TENANT_ARG $ARGS stat; then
|
||||
if swift $PROJECT_ARG $ARGS stat; then
|
||||
STATUS_SWIFT="Succeeded"
|
||||
else
|
||||
STATUS_SWIFT="Failed"
|
||||
|
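Review bot: `OS_TENANT_NAME` no longer appears to be unset before the client calls, so the "Unset the usual variables to force argument processing" step in the `@ -43,19` hunk is weaker than its comment says. The openrc in this same commit still exports `OS_TENANT_NAME`, and the commit message notes that cinderclient and glanceclient depend on it. `cinder $PROJECT_ARG $ARGS list` and the other calls may therefore succeed from the leftover environment value rather than from `--os-project-name`. If the old/new pairing on this rendered page is read correctly, keeping `unset OS_TENANT_NAME` next to `unset OS_PROJECT_NAME` would restore the test's intent.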
@ -48,9 +48,9 @@ source $TOP_DIR/exerciserc
|
||||
# Neutron Settings
|
||||
# ----------------
|
||||
|
||||
TENANTS="DEMO1"
|
||||
PROJECTS="DEMO1"
|
||||
# TODO (nati)_Test public network
|
||||
#TENANTS="DEMO1,DEMO2"
|
||||
#PROJECTS="DEMO1,DEMO2"
|
||||
|
||||
PUBLIC_NAME="admin"
|
||||
DEMO1_NAME="demo1"
|
||||
@ -91,34 +91,34 @@ DEMO2_ROUTER1_NET="demo2-net1"
|
||||
# Various functions
|
||||
# -----------------
|
||||
|
||||
function foreach_tenant {
|
||||
function foreach_project {
|
||||
COMMAND=$1
|
||||
for TENANT in ${TENANTS//,/ };do
|
||||
eval ${COMMAND//%TENANT%/$TENANT}
|
||||
for PROJECT in ${PROJECTS//,/ };do
|
||||
eval ${COMMAND//%PROJECT%/$PROJECT}
|
||||
done
|
||||
}
|
||||
|
||||
function foreach_tenant_resource {
|
||||
function foreach_project_resource {
|
||||
COMMAND=$1
|
||||
RESOURCE=$2
|
||||
for TENANT in ${TENANTS//,/ };do
|
||||
eval 'NUM=$'"${TENANT}_NUM_$RESOURCE"
|
||||
for PROJECT in ${PROJECTS//,/ };do
|
||||
eval 'NUM=$'"${PROJECT}_NUM_$RESOURCE"
|
||||
for i in `seq $NUM`;do
|
||||
local COMMAND_LOCAL=${COMMAND//%TENANT%/$TENANT}
|
||||
local COMMAND_LOCAL=${COMMAND//%PROJECT%/$PROJECT}
|
||||
COMMAND_LOCAL=${COMMAND_LOCAL//%NUM%/$i}
|
||||
eval $COMMAND_LOCAL
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
function foreach_tenant_vm {
|
||||
function foreach_project_vm {
|
||||
COMMAND=$1
|
||||
foreach_tenant_resource "$COMMAND" 'VM'
|
||||
foreach_project_resource "$COMMAND" 'VM'
|
||||
}
|
||||
|
||||
function foreach_tenant_net {
|
||||
function foreach_project_net {
|
||||
COMMAND=$1
|
||||
foreach_tenant_resource "$COMMAND" 'NET'
|
||||
foreach_project_resource "$COMMAND" 'NET'
|
||||
}
|
||||
|
||||
function get_image_id {
|
||||
@ -128,12 +128,12 @@ function get_image_id {
|
||||
echo "$IMAGE_ID"
|
||||
}
|
||||
|
||||
function get_tenant_id {
|
||||
local TENANT_NAME=$1
|
||||
local TENANT_ID
|
||||
TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1`
|
||||
die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for $TENANT_NAME"
|
||||
echo "$TENANT_ID"
|
||||
function get_project_id {
|
||||
local PROJECT_NAME=$1
|
||||
local PROJECT_ID
|
||||
PROJECT_ID=`openstack project list | grep " $PROJECT_NAME " | head -n 1 | get_field 1`
|
||||
die_if_not_set $LINENO PROJECT_ID "Failure retrieving PROJECT_ID for $PROJECT_NAME"
|
||||
echo "$PROJECT_ID"
|
||||
}
|
||||
|
||||
function get_user_id {
|
||||
@ -177,23 +177,23 @@ function confirm_server_active {
|
||||
|
||||
function neutron_debug_admin {
|
||||
local os_username=$OS_USERNAME
|
||||
local os_tenant_id=$OS_TENANT_ID
|
||||
local os_project_id=$OS_PROJECT_ID
|
||||
source $TOP_DIR/openrc admin admin
|
||||
neutron-debug $@
|
||||
source $TOP_DIR/openrc $os_username $os_tenant_id
|
||||
source $TOP_DIR/openrc $os_username $os_project_id
|
||||
}
|
||||
|
||||
function add_tenant {
|
||||
function add_project {
|
||||
openstack project create $1
|
||||
openstack user create $2 --password ${ADMIN_PASSWORD} --project $1
|
||||
openstack role add Member --project $1 --user $2
|
||||
}
|
||||
|
||||
function remove_tenant {
|
||||
local TENANT=$1
|
||||
local TENANT_ID
|
||||
TENANT_ID=$(get_tenant_id $TENANT)
|
||||
openstack project delete $TENANT_ID
|
||||
function remove_project {
|
||||
local PROJECT=$1
|
||||
local PROJECT_ID
|
||||
PROJECT_ID=$(get_project_id $PROJECT)
|
||||
openstack project delete $PROJECT_ID
|
||||
}
|
||||
|
||||
function remove_user {
|
||||
@ -203,47 +203,47 @@ function remove_user {
|
||||
openstack user delete $USER_ID
|
||||
}
|
||||
|
||||
function create_tenants {
|
||||
function create_projects {
|
||||
source $TOP_DIR/openrc admin admin
|
||||
add_tenant demo1 demo1 demo1
|
||||
add_tenant demo2 demo2 demo2
|
||||
add_project demo1 demo1 demo1
|
||||
add_project demo2 demo2 demo2
|
||||
source $TOP_DIR/openrc demo demo
|
||||
}
|
||||
|
||||
function delete_tenants_and_users {
|
||||
function delete_projects_and_users {
|
||||
source $TOP_DIR/openrc admin admin
|
||||
remove_user demo1
|
||||
remove_tenant demo1
|
||||
remove_project demo1
|
||||
remove_user demo2
|
||||
remove_tenant demo2
|
||||
echo "removed all tenants"
|
||||
remove_project demo2
|
||||
echo "removed all projects"
|
||||
source $TOP_DIR/openrc demo demo
|
||||
}
|
||||
|
||||
function create_network {
|
||||
local TENANT=$1
|
||||
local PROJECT=$1
|
||||
local GATEWAY=$2
|
||||
local CIDR=$3
|
||||
local NUM=$4
|
||||
local EXTRA=$5
|
||||
local NET_NAME="${TENANT}-net$NUM"
|
||||
local ROUTER_NAME="${TENANT}-router${NUM}"
|
||||
local NET_NAME="${PROJECT}-net$NUM"
|
||||
local ROUTER_NAME="${PROJECT}-router${NUM}"
|
||||
source $TOP_DIR/openrc admin admin
|
||||
local TENANT_ID
|
||||
TENANT_ID=$(get_tenant_id $TENANT)
|
||||
source $TOP_DIR/openrc $TENANT $TENANT
|
||||
local PROJECT_ID
|
||||
PROJECT_ID=$(get_project_id $PROJECT)
|
||||
source $TOP_DIR/openrc $PROJECT $PROJECT
|
||||
local NET_ID
|
||||
NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
|
||||
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
|
||||
neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
|
||||
NET_ID=$(neutron net-create --project-id $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
|
||||
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PROJECT_ID $NET_NAME $EXTRA"
|
||||
neutron subnet-create --ip-version 4 --project-id $PROJECT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
|
||||
neutron_debug_admin probe-create --device-owner compute $NET_ID
|
||||
source $TOP_DIR/openrc demo demo
|
||||
}
|
||||
|
||||
function create_networks {
|
||||
foreach_tenant_net 'create_network ${%TENANT%_NAME} ${%TENANT%_NET%NUM%_GATEWAY} ${%TENANT%_NET%NUM%_CIDR} %NUM% ${%TENANT%_NET%NUM%_EXTRA}'
|
||||
foreach_project_net 'create_network ${%PROJECT%_NAME} ${%PROJECT%_NET%NUM%_GATEWAY} ${%PROJECT%_NET%NUM%_CIDR} %NUM% ${%PROJECT%_NET%NUM%_EXTRA}'
|
||||
#TODO(nati) test security group function
|
||||
# allow ICMP for both tenant's security groups
|
||||
# allow ICMP for both project's security groups
|
||||
#source $TOP_DIR/openrc demo1 demo1
|
||||
#$NOVA secgroup-add-rule default icmp -1 -1 0.0.0.0/0
|
||||
#source $TOP_DIR/openrc demo2 demo2
|
||||
@ -251,10 +251,10 @@ function create_networks {
|
||||
}
|
||||
|
||||
function create_vm {
|
||||
local TENANT=$1
|
||||
local PROJECT=$1
|
||||
local NUM=$2
|
||||
local NET_NAMES=$3
|
||||
source $TOP_DIR/openrc $TENANT $TENANT
|
||||
source $TOP_DIR/openrc $PROJECT $PROJECT
|
||||
local NIC=""
|
||||
for NET_NAME in ${NET_NAMES//,/ };do
|
||||
NIC="$NIC --nic net-id="`get_network_id $NET_NAME`
|
||||
@ -265,13 +265,13 @@ function create_vm {
|
||||
VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \
|
||||
--image $(get_image_id) \
|
||||
$NIC \
|
||||
$TENANT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
|
||||
die_if_not_set $LINENO VM_UUID "Failure launching $TENANT-server$NUM"
|
||||
$PROJECT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
|
||||
die_if_not_set $LINENO VM_UUID "Failure launching $PROJECT-server$NUM"
|
||||
confirm_server_active $VM_UUID
|
||||
}
|
||||
|
||||
function create_vms {
|
||||
foreach_tenant_vm 'create_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
|
||||
foreach_project_vm 'create_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
|
||||
}
|
||||
|
||||
function ping_ip {
|
||||
@ -284,11 +284,11 @@ function ping_ip {
|
||||
}
|
||||
|
||||
function check_vm {
|
||||
local TENANT=$1
|
||||
local PROJECT=$1
|
||||
local NUM=$2
|
||||
local VM_NAME="$TENANT-server$NUM"
|
||||
local VM_NAME="$PROJECT-server$NUM"
|
||||
local NET_NAME=$3
|
||||
source $TOP_DIR/openrc $TENANT $TENANT
|
||||
source $TOP_DIR/openrc $PROJECT $PROJECT
|
||||
ping_ip $VM_NAME $NET_NAME
|
||||
# TODO (nati) test ssh connection
|
||||
# TODO (nati) test inter connection between vm
|
||||
@ -297,31 +297,31 @@ function check_vm {
|
||||
}
|
||||
|
||||
function check_vms {
|
||||
foreach_tenant_vm 'check_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
|
||||
foreach_project_vm 'check_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
|
||||
}
|
||||
|
||||
function shutdown_vm {
|
||||
local TENANT=$1
|
||||
local PROJECT=$1
|
||||
local NUM=$2
|
||||
source $TOP_DIR/openrc $TENANT $TENANT
|
||||
VM_NAME=${TENANT}-server$NUM
|
||||
source $TOP_DIR/openrc $PROJECT $PROJECT
|
||||
VM_NAME=${PROJECT}-server$NUM
|
||||
nova delete $VM_NAME
|
||||
}
|
||||
|
||||
function shutdown_vms {
|
||||
foreach_tenant_vm 'shutdown_vm ${%TENANT%_NAME} %NUM%'
|
||||
foreach_project_vm 'shutdown_vm ${%PROJECT%_NAME} %NUM%'
|
||||
if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
|
||||
die $LINENO "Some VMs failed to shutdown"
|
||||
fi
|
||||
}
|
||||
|
||||
function delete_network {
|
||||
local TENANT=$1
|
||||
local PROJECT=$1
|
||||
local NUM=$2
|
||||
local NET_NAME="${TENANT}-net$NUM"
|
||||
local NET_NAME="${PROJECT}-net$NUM"
|
||||
source $TOP_DIR/openrc admin admin
|
||||
local TENANT_ID
|
||||
TENANT_ID=$(get_tenant_id $TENANT)
|
||||
local PROJECT_ID
|
||||
PROJECT_ID=$(get_project_id $PROJECT)
|
||||
#TODO(nati) comment out until l3-agent merged
|
||||
#for res in port subnet net router;do
|
||||
for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do
|
||||
@ -333,7 +333,7 @@ function delete_network {
|
||||
}
|
||||
|
||||
function delete_networks {
|
||||
foreach_tenant_net 'delete_network ${%TENANT%_NAME} %NUM%'
|
||||
foreach_project_net 'delete_network ${%PROJECT%_NAME} %NUM%'
|
||||
# TODO(nati) add secuirty group check after it is implemented
|
||||
# source $TOP_DIR/openrc demo1 demo1
|
||||
# nova secgroup-delete-rule default icmp -1 -1 0.0.0.0/0
|
||||
@ -342,7 +342,7 @@ function delete_networks {
|
||||
}
|
||||
|
||||
function create_all {
|
||||
create_tenants
|
||||
create_projects
|
||||
create_networks
|
||||
create_vms
|
||||
}
|
||||
@ -350,7 +350,7 @@ function create_all {
|
||||
function delete_all {
|
||||
shutdown_vms
|
||||
delete_networks
|
||||
delete_tenants_and_users
|
||||
delete_projects_and_users
|
||||
}
|
||||
|
||||
function all {
|
||||
@ -366,8 +366,8 @@ function test_functions {
|
||||
IMAGE=$(get_image_id)
|
||||
echo $IMAGE
|
||||
|
||||
TENANT_ID=$(get_tenant_id demo)
|
||||
echo $TENANT_ID
|
||||
PROJECT_ID=$(get_project_id demo)
|
||||
echo $PROJECT_ID
|
||||
|
||||
FLAVOR_ID=$(get_flavor_id m1.tiny)
|
||||
echo $FLAVOR_ID
|
||||
@ -382,11 +382,11 @@ function test_functions {
|
||||
function usage {
|
||||
echo "$0: [-h]"
|
||||
echo " -h, --help Display help message"
|
||||
echo " -t, --tenant Create tenants"
|
||||
echo " -t, --project Create projects"
|
||||
echo " -n, --net Create networks"
|
||||
echo " -v, --vm Create vms"
|
||||
echo " -c, --check Check connection"
|
||||
echo " -x, --delete-tenants Delete tenants"
|
||||
echo " -x, --delete-projects Delete projects"
|
||||
echo " -y, --delete-nets Delete networks"
|
||||
echo " -z, --delete-vms Delete vms"
|
||||
echo " -T, --test Test functions"
|
||||
@ -412,7 +412,7 @@ function main {
|
||||
-v | --vm ) create_vms
|
||||
exit
|
||||
;;
|
||||
-t | --tenant ) create_tenants
|
||||
-t | --project ) create_projects
|
||||
exit
|
||||
;;
|
||||
-c | --check ) check_vms
|
||||
@ -421,7 +421,7 @@ function main {
|
||||
-T | --test ) test_functions
|
||||
exit
|
||||
;;
|
||||
-x | --delete-tenants ) delete_tenants_and_users
|
||||
-x | --delete-projects ) delete_projects_and_users
|
||||
exit
|
||||
;;
|
||||
-y | --delete-nets ) delete_networks
|
||||
|
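Review bot: `neutron_debug_admin` restores the caller's credentials with `source $TOP_DIR/openrc $os_username $os_project_id`, but the openrc hunk in this commit assigns its second argument to `OS_PROJECT_NAME`, so a project ID ends up where a name is expected. Nothing visible here shows openrc exporting `OS_PROJECT_ID`. If it is empty, the unquoted argument disappears and openrc would keep the `admin` project set by the preceding `source $TOP_DIR/openrc admin admin`, leaving later commands admin-scoped. Saving `local os_project_name=$OS_PROJECT_NAME` and restoring with `source $TOP_DIR/openrc "$os_username" "$os_project_name"` would match what openrc reads. The rename carries the old tenant-ID behaviour over unchanged, so this is a good place to fix it.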
@ -351,7 +351,7 @@ function configure_cinder {
|
||||
# Set os_privileged_user credentials (used for os-assisted-snapshots)
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
|
||||
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
|
||||
}
|
||||
|
||||
|
12
lib/glance
12
lib/glance
@ -143,7 +143,7 @@ function configure_glance {
|
||||
iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
|
||||
iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
|
||||
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default
|
||||
@ -198,7 +198,7 @@ function configure_glance {
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
|
||||
@ -226,9 +226,9 @@ function configure_glance {
|
||||
|
||||
# Project User Roles
|
||||
# ---------------------------------------------------------------------
|
||||
# SERVICE_TENANT_NAME glance service
|
||||
# SERVICE_TENANT_NAME glance-swift ResellerAdmin (if Swift is enabled)
|
||||
# SERVICE_TENANT_NAME glance-search search (if Search is enabled)
|
||||
# SERVICE_PROJECT_NAME glance service
|
||||
# SERVICE_PROJECT_NAME glance-swift ResellerAdmin (if Swift is enabled)
|
||||
# SERVICE_PROJECT_NAME glance-search search (if Search is enabled)
|
||||
|
||||
function create_glance_accounts {
|
||||
if is_service_enabled g-api; then
|
||||
@ -241,7 +241,7 @@ function create_glance_accounts {
|
||||
local glance_swift_user
|
||||
glance_swift_user=$(get_or_create_user "glance-swift" \
|
||||
"$SERVICE_PASSWORD" "default" "glance-swift@example.com")
|
||||
get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
|
||||
get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_PROJECT_NAME
|
||||
fi
|
||||
|
||||
get_or_create_service "glance" "image" "Glance Image Service"
|
||||
|
@ -108,7 +108,7 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
||||
# Bind hosts
|
||||
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
|
||||
# Set the tenant for service accounts in Keystone
|
||||
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
||||
SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
|
||||
|
||||
# if we are running with SSL use https protocols
|
||||
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||
@ -384,7 +384,7 @@ function create_keystone_accounts {
|
||||
get_or_add_user_domain_role $admin_role $admin_user default
|
||||
|
||||
# Create service project/role
|
||||
get_or_create_project "$SERVICE_TENANT_NAME" default
|
||||
get_or_create_project "$SERVICE_PROJECT_NAME" default
|
||||
|
||||
# Service role, so service users do not have to be admins
|
||||
get_or_create_role service
|
||||
@ -458,7 +458,7 @@ function create_service_user {
|
||||
|
||||
local user
|
||||
user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
|
||||
get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
|
||||
get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME"
|
||||
}
|
||||
|
||||
# Configure the service to use the auth token middleware.
|
||||
@ -479,7 +479,7 @@ function configure_auth_token_middleware {
|
||||
iniset $conf_file $section username $admin_user
|
||||
iniset $conf_file $section password $SERVICE_PASSWORD
|
||||
iniset $conf_file $section user_domain_id default
|
||||
iniset $conf_file $section project_name $SERVICE_TENANT_NAME
|
||||
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
|
||||
iniset $conf_file $section project_domain_id default
|
||||
|
||||
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
|
||||
|
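Review bot: `SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}` in the `@ -108,7` hunk ignores a `SERVICE_PROJECT_NAME` the operator has already set, and the comment above it still says "tenant". Reading the legacy variable keeps old local configuration working, but the new name should win when both are present: `SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-${SERVICE_TENANT_NAME:-service}}`. If the paired line is the removed one, `SERVICE_TENANT_NAME` is no longer defaulted here either, so any script outside this commit that still reads it would see an empty value unless the user sets it. That matters because this name decides which project the service accounts are granted roles in.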
@ -483,7 +483,7 @@ function create_nova_conf_neutron {
|
||||
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
|
||||
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
|
||||
iniset $NOVA_CONF neutron user_domain_name "Default"
|
||||
iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
|
||||
iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME"
|
||||
iniset $NOVA_CONF neutron project_domain_name "Default"
|
||||
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
|
||||
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
|
||||
@ -1169,7 +1169,7 @@ function _configure_neutron_service {
|
||||
iniset $NEUTRON_CONF nova username nova
|
||||
iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
|
||||
iniset $NEUTRON_CONF nova user_domain_id default
|
||||
iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
|
||||
iniset $NEUTRON_CONF nova project_name $SERVICE_PROJECT_NAME
|
||||
iniset $NEUTRON_CONF nova project_domain_id default
|
||||
iniset $NEUTRON_CONF nova region_name $REGION_NAME
|
||||
|
||||
|
6
lib/nova
6
lib/nova
@ -404,8 +404,8 @@ function configure_nova {
|
||||
#
|
||||
# Project User Roles
|
||||
# ------------------------------------------------------------------
|
||||
# SERVICE_TENANT_NAME nova admin
|
||||
# SERVICE_TENANT_NAME nova ResellerAdmin (if Swift is enabled)
|
||||
# SERVICE_PROJECT_NAME nova admin
|
||||
# SERVICE_PROJECT_NAME nova ResellerAdmin (if Swift is enabled)
|
||||
function create_nova_accounts {
|
||||
|
||||
# Nova
|
||||
@ -444,7 +444,7 @@ function create_nova_accounts {
|
||||
if is_service_enabled swift; then
|
||||
# Nova needs ResellerAdmin role to download images when accessing
|
||||
# swift through the s3 api.
|
||||
get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
|
||||
get_or_add_user_project_role ResellerAdmin nova $SERVICE_PROJECT_NAME
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -450,7 +450,7 @@ auth_host = ${KEYSTONE_AUTH_HOST}
|
||||
auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
|
||||
cafile = ${SSL_BUNDLE_FILE}
|
||||
admin_user = swift
|
||||
admin_tenant_name = ${SERVICE_TENANT_NAME}
|
||||
admin_tenant_name = ${SERVICE_PROJECT_NAME}
|
||||
admin_password = ${SERVICE_PASSWORD}
|
||||
|
||||
[filter:swift3]
|
||||
@ -812,7 +812,7 @@ function swift_configure_tempurls {
|
||||
# note we are using swift credentials!
|
||||
OS_USERNAME=swift \
|
||||
OS_PASSWORD=$SERVICE_PASSWORD \
|
||||
OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
|
||||
OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \
|
||||
openstack object store account \
|
||||
set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
|
||||
}
|
||||
|
26
openrc
26
openrc
@ -1,9 +1,9 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# source openrc [username] [tenantname]
|
||||
# source openrc [username] [projectname]
|
||||
#
|
||||
# Configure a set of credentials for $TENANT/$USERNAME:
|
||||
# Set OS_TENANT_NAME to override the default tenant 'demo'
|
||||
# Configure a set of credentials for $PROJECT/$USERNAME:
|
||||
# Set OS_PROJECT_NAME to override the default project 'demo'
|
||||
# Set OS_USERNAME to override the default user name 'demo'
|
||||
# Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
|
||||
|
||||
@ -14,7 +14,7 @@ if [[ -n "$1" ]]; then
|
||||
OS_USERNAME=$1
|
||||
fi
|
||||
if [[ -n "$2" ]]; then
|
||||
OS_TENANT_NAME=$2
|
||||
OS_PROJECT_NAME=$2
|
||||
fi
|
||||
|
||||
# Find the other rc files
|
||||
@ -34,13 +34,17 @@ fi
|
||||
# Get some necessary configuration
|
||||
source $RC_DIR/lib/tls
|
||||
|
||||
# The introduction of Keystone to the OpenStack ecosystem has standardized the
|
||||
# term **tenant** as the entity that owns resources. In some places references
|
||||
# still exist to the original Nova term **project** for this use. Also,
|
||||
# **tenant_name** is preferred to **tenant_id**.
|
||||
export OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
|
||||
# The OpenStack ecosystem has standardized the term **project** as the
|
||||
# entity that owns resources. In some places **tenant** remains
|
||||
# referenced, but in all cases this just means **project**. We will
|
||||
# warn if we need to turn on legacy **tenant** support to have a
|
||||
# working environment.
|
||||
export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo}
|
||||
|
||||
# In addition to the owning entity (tenant), nova stores the entity performing
|
||||
echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."
|
||||
export OS_TENANT_NAME=$OS_PROJECT_NAME
|
||||
|
||||
# In addition to the owning entity (project), nova stores the entity performing
|
||||
# the action as the **user**.
|
||||
export OS_USERNAME=${OS_USERNAME:-demo}
|
||||
|
||||
@ -81,7 +85,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
||||
|
||||
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
|
||||
# and **Service Catalog**. The catalog contains the endpoints for all services
|
||||
# the user/tenant has access to - including nova, glance, keystone, swift, ...
|
||||
# the user/project has access to - including nova, glance, keystone, swift, ...
|
||||
# We currently recommend using the 2.0 *identity api*.
|
||||
#
|
||||
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
||||
|
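Review bot: The new `echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."` in the `@ -34,13 +34,17` hunk writes to stdout and runs unconditionally every time openrc is sourced. The `export OS_TENANT_NAME=$OS_PROJECT_NAME` after it overwrites any `OS_TENANT_NAME` the caller had set. Scripts in this commit source openrc repeatedly inside functions, so the message can end up mixed into output that callers read. Sending it to stderr avoids that: `echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools." >&2`. The header comment at the top of the file could also state that `OS_TENANT_NAME` is always derived from `OS_PROJECT_NAME`.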
2
stack.sh
2
stack.sh
@ -1210,7 +1210,7 @@ fi
|
||||
|
||||
# Create an access key and secret key for Nova EC2 register image
|
||||
if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
|
||||
eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret)
|
||||
eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret)
|
||||
iniset $NOVA_CONF DEFAULT s3_access_key "$access"
|
||||
iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"
|
||||
iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"
|
||||
|