From 7580a0c3e37932a8fc03750d35ccd4e13e18f8c4 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Wed, 17 Feb 2016 06:23:36 -0500 Subject: [PATCH] Replace TENANT => PROJECT phase 1 This replaces the use of TENANT variables with PROJECT ones during the initial setup. The openrc will still export a OS_TENANT_NAME because many tools (cinderclient, glanceclient amoung them) will not function without it. We warn when we do that. Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e --- exercises/boot_from_volume.sh | 2 +- exercises/client-args.sh | 16 ++-- exercises/neutron-adv-test.sh | 142 +++++++++++++++++----------------- lib/cinder | 2 +- lib/glance | 12 +-- lib/keystone | 8 +- lib/neutron-legacy | 4 +- lib/nova | 6 +- lib/swift | 4 +- openrc | 26 ++++--- stack.sh | 2 +- 11 files changed, 114 insertions(+), 110 deletions(-) diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh index d520b9bbbf..54098594ff 100755 --- a/exercises/boot_from_volume.sh +++ b/exercises/boot_from_volume.sh @@ -64,7 +64,7 @@ VOL_NAME=${VOL_NAME:-ex-vol-bfv} # Launching a server # ================== -# List servers for tenant: +# List servers for project: nova list # Images diff --git a/exercises/client-args.sh b/exercises/client-args.sh index 7cfef1c807..07ce5284e8 100755 --- a/exercises/client-args.sh +++ b/exercises/client-args.sh @@ -43,19 +43,19 @@ unset NOVA_URL unset NOVA_USERNAME # Save the known variables for later -export x_TENANT_NAME=$OS_TENANT_NAME +export x_PROJECT_NAME=$OS_PROJECT_NAME export x_USERNAME=$OS_USERNAME export x_PASSWORD=$OS_PASSWORD export x_AUTH_URL=$OS_AUTH_URL # Unset the usual variables to force argument processing -unset OS_TENANT_NAME +unset OS_PROJECT_NAME unset OS_USERNAME unset OS_PASSWORD unset OS_AUTH_URL # Common authentication args -TENANT_ARG="--os-tenant-name=$x_TENANT_NAME" +PROJECT_ARG="--os-project-name=$x_PROJECT_NAME" ARGS="--os-username=$x_USERNAME --os-password=$x_PASSWORD --os-auth-url=$x_AUTH_URL" # Set global return @@ -68,7 +68,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then STATUS_KEYSTONE="Skipped" else echo -e "\nTest Keystone" - if openstack $TENANT_ARG $ARGS catalog show identity; then + if openstack $PROJECT_ARG $ARGS catalog show identity; then STATUS_KEYSTONE="Succeeded" else STATUS_KEYSTONE="Failed" @@ -87,7 +87,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then else # Test OSAPI echo -e "\nTest Nova" - if nova $TENANT_ARG $ARGS flavor-list; then + if nova $PROJECT_ARG $ARGS flavor-list; then STATUS_NOVA="Succeeded" else STATUS_NOVA="Failed" @@ -104,7 +104,7 @@ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then STATUS_CINDER="Skipped" else echo -e "\nTest Cinder" - if cinder $TENANT_ARG $ARGS list; then + if cinder $PROJECT_ARG $ARGS list; then STATUS_CINDER="Succeeded" else STATUS_CINDER="Failed" @@ -121,7 +121,7 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then STATUS_GLANCE="Skipped" else echo -e "\nTest Glance" - if openstack $TENANT_ARG $ARGS image list; then + if openstack $PROJECT_ARG $ARGS image list; then STATUS_GLANCE="Succeeded" else STATUS_GLANCE="Failed" @@ -138,7 +138,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" || "$ENABLED_SERVICES" =~ "s-proxy" ]]; the STATUS_SWIFT="Skipped" else echo -e "\nTest Swift" - if swift $TENANT_ARG $ARGS stat; then + if swift $PROJECT_ARG $ARGS stat; then STATUS_SWIFT="Succeeded" else STATUS_SWIFT="Failed" diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh index a8fbd86473..a3128a8d71 100755 --- a/exercises/neutron-adv-test.sh +++ b/exercises/neutron-adv-test.sh @@ -48,9 +48,9 @@ source $TOP_DIR/exerciserc # Neutron Settings # ---------------- -TENANTS="DEMO1" +PROJECTS="DEMO1" # TODO (nati)_Test public network -#TENANTS="DEMO1,DEMO2" +#PROJECTS="DEMO1,DEMO2" PUBLIC_NAME="admin" DEMO1_NAME="demo1" @@ -91,34 +91,34 @@ DEMO2_ROUTER1_NET="demo2-net1" # Various functions # ----------------- -function foreach_tenant { +function foreach_project { COMMAND=$1 - for TENANT in ${TENANTS//,/ };do - eval ${COMMAND//%TENANT%/$TENANT} + for PROJECT in ${PROJECTS//,/ };do + eval ${COMMAND//%PROJECT%/$PROJECT} done } -function foreach_tenant_resource { +function foreach_project_resource { COMMAND=$1 RESOURCE=$2 - for TENANT in ${TENANTS//,/ };do - eval 'NUM=$'"${TENANT}_NUM_$RESOURCE" + for PROJECT in ${PROJECTS//,/ };do + eval 'NUM=$'"${PROJECT}_NUM_$RESOURCE" for i in `seq $NUM`;do - local COMMAND_LOCAL=${COMMAND//%TENANT%/$TENANT} + local COMMAND_LOCAL=${COMMAND//%PROJECT%/$PROJECT} COMMAND_LOCAL=${COMMAND_LOCAL//%NUM%/$i} eval $COMMAND_LOCAL done done } -function foreach_tenant_vm { +function foreach_project_vm { COMMAND=$1 - foreach_tenant_resource "$COMMAND" 'VM' + foreach_project_resource "$COMMAND" 'VM' } -function foreach_tenant_net { +function foreach_project_net { COMMAND=$1 - foreach_tenant_resource "$COMMAND" 'NET' + foreach_project_resource "$COMMAND" 'NET' } function get_image_id { @@ -128,12 +128,12 @@ function get_image_id { echo "$IMAGE_ID" } -function get_tenant_id { - local TENANT_NAME=$1 - local TENANT_ID - TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1` - die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for $TENANT_NAME" - echo "$TENANT_ID" +function get_project_id { + local PROJECT_NAME=$1 + local PROJECT_ID + PROJECT_ID=`openstack project list | grep " $PROJECT_NAME " | head -n 1 | get_field 1` + die_if_not_set $LINENO PROJECT_ID "Failure retrieving PROJECT_ID for $PROJECT_NAME" + echo "$PROJECT_ID" } function get_user_id { @@ -177,23 +177,23 @@ function confirm_server_active { function neutron_debug_admin { local os_username=$OS_USERNAME - local os_tenant_id=$OS_TENANT_ID + local os_project_id=$OS_PROJECT_ID source $TOP_DIR/openrc admin admin neutron-debug $@ - source $TOP_DIR/openrc $os_username $os_tenant_id + source $TOP_DIR/openrc $os_username $os_project_id } -function add_tenant { +function add_project { openstack project create $1 openstack user create $2 --password ${ADMIN_PASSWORD} --project $1 openstack role add Member --project $1 --user $2 } -function remove_tenant { - local TENANT=$1 - local TENANT_ID - TENANT_ID=$(get_tenant_id $TENANT) - openstack project delete $TENANT_ID +function remove_project { + local PROJECT=$1 + local PROJECT_ID + PROJECT_ID=$(get_project_id $PROJECT) + openstack project delete $PROJECT_ID } function remove_user { @@ -203,47 +203,47 @@ function remove_user { openstack user delete $USER_ID } -function create_tenants { +function create_projects { source $TOP_DIR/openrc admin admin - add_tenant demo1 demo1 demo1 - add_tenant demo2 demo2 demo2 + add_project demo1 demo1 demo1 + add_project demo2 demo2 demo2 source $TOP_DIR/openrc demo demo } -function delete_tenants_and_users { +function delete_projects_and_users { source $TOP_DIR/openrc admin admin remove_user demo1 - remove_tenant demo1 + remove_project demo1 remove_user demo2 - remove_tenant demo2 - echo "removed all tenants" + remove_project demo2 + echo "removed all projects" source $TOP_DIR/openrc demo demo } function create_network { - local TENANT=$1 + local PROJECT=$1 local GATEWAY=$2 local CIDR=$3 local NUM=$4 local EXTRA=$5 - local NET_NAME="${TENANT}-net$NUM" - local ROUTER_NAME="${TENANT}-router${NUM}" + local NET_NAME="${PROJECT}-net$NUM" + local ROUTER_NAME="${PROJECT}-router${NUM}" source $TOP_DIR/openrc admin admin - local TENANT_ID - TENANT_ID=$(get_tenant_id $TENANT) - source $TOP_DIR/openrc $TENANT $TENANT + local PROJECT_ID + PROJECT_ID=$(get_project_id $PROJECT) + source $TOP_DIR/openrc $PROJECT $PROJECT local NET_ID - NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' ) - die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA" - neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR + NET_ID=$(neutron net-create --project-id $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' ) + die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PROJECT_ID $NET_NAME $EXTRA" + neutron subnet-create --ip-version 4 --project-id $PROJECT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR neutron_debug_admin probe-create --device-owner compute $NET_ID source $TOP_DIR/openrc demo demo } function create_networks { - foreach_tenant_net 'create_network ${%TENANT%_NAME} ${%TENANT%_NET%NUM%_GATEWAY} ${%TENANT%_NET%NUM%_CIDR} %NUM% ${%TENANT%_NET%NUM%_EXTRA}' + foreach_project_net 'create_network ${%PROJECT%_NAME} ${%PROJECT%_NET%NUM%_GATEWAY} ${%PROJECT%_NET%NUM%_CIDR} %NUM% ${%PROJECT%_NET%NUM%_EXTRA}' #TODO(nati) test security group function - # allow ICMP for both tenant's security groups + # allow ICMP for both project's security groups #source $TOP_DIR/openrc demo1 demo1 #$NOVA secgroup-add-rule default icmp -1 -1 0.0.0.0/0 #source $TOP_DIR/openrc demo2 demo2 @@ -251,10 +251,10 @@ function create_networks { } function create_vm { - local TENANT=$1 + local PROJECT=$1 local NUM=$2 local NET_NAMES=$3 - source $TOP_DIR/openrc $TENANT $TENANT + source $TOP_DIR/openrc $PROJECT $PROJECT local NIC="" for NET_NAME in ${NET_NAMES//,/ };do NIC="$NIC --nic net-id="`get_network_id $NET_NAME` @@ -265,13 +265,13 @@ function create_vm { VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \ --image $(get_image_id) \ $NIC \ - $TENANT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'` - die_if_not_set $LINENO VM_UUID "Failure launching $TENANT-server$NUM" + $PROJECT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'` + die_if_not_set $LINENO VM_UUID "Failure launching $PROJECT-server$NUM" confirm_server_active $VM_UUID } function create_vms { - foreach_tenant_vm 'create_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}' + foreach_project_vm 'create_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}' } function ping_ip { @@ -284,11 +284,11 @@ function ping_ip { } function check_vm { - local TENANT=$1 + local PROJECT=$1 local NUM=$2 - local VM_NAME="$TENANT-server$NUM" + local VM_NAME="$PROJECT-server$NUM" local NET_NAME=$3 - source $TOP_DIR/openrc $TENANT $TENANT + source $TOP_DIR/openrc $PROJECT $PROJECT ping_ip $VM_NAME $NET_NAME # TODO (nati) test ssh connection # TODO (nati) test inter connection between vm @@ -297,31 +297,31 @@ function check_vm { } function check_vms { - foreach_tenant_vm 'check_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}' + foreach_project_vm 'check_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}' } function shutdown_vm { - local TENANT=$1 + local PROJECT=$1 local NUM=$2 - source $TOP_DIR/openrc $TENANT $TENANT - VM_NAME=${TENANT}-server$NUM + source $TOP_DIR/openrc $PROJECT $PROJECT + VM_NAME=${PROJECT}-server$NUM nova delete $VM_NAME } function shutdown_vms { - foreach_tenant_vm 'shutdown_vm ${%TENANT%_NAME} %NUM%' + foreach_project_vm 'shutdown_vm ${%PROJECT%_NAME} %NUM%' if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then die $LINENO "Some VMs failed to shutdown" fi } function delete_network { - local TENANT=$1 + local PROJECT=$1 local NUM=$2 - local NET_NAME="${TENANT}-net$NUM" + local NET_NAME="${PROJECT}-net$NUM" source $TOP_DIR/openrc admin admin - local TENANT_ID - TENANT_ID=$(get_tenant_id $TENANT) + local PROJECT_ID + PROJECT_ID=$(get_project_id $PROJECT) #TODO(nati) comment out until l3-agent merged #for res in port subnet net router;do for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do @@ -333,7 +333,7 @@ function delete_network { } function delete_networks { - foreach_tenant_net 'delete_network ${%TENANT%_NAME} %NUM%' + foreach_project_net 'delete_network ${%PROJECT%_NAME} %NUM%' # TODO(nati) add secuirty group check after it is implemented # source $TOP_DIR/openrc demo1 demo1 # nova secgroup-delete-rule default icmp -1 -1 0.0.0.0/0 @@ -342,7 +342,7 @@ function delete_networks { } function create_all { - create_tenants + create_projects create_networks create_vms } @@ -350,7 +350,7 @@ function create_all { function delete_all { shutdown_vms delete_networks - delete_tenants_and_users + delete_projects_and_users } function all { @@ -366,8 +366,8 @@ function test_functions { IMAGE=$(get_image_id) echo $IMAGE - TENANT_ID=$(get_tenant_id demo) - echo $TENANT_ID + PROJECT_ID=$(get_project_id demo) + echo $PROJECT_ID FLAVOR_ID=$(get_flavor_id m1.tiny) echo $FLAVOR_ID @@ -382,11 +382,11 @@ function test_functions { function usage { echo "$0: [-h]" echo " -h, --help Display help message" - echo " -t, --tenant Create tenants" + echo " -t, --project Create projects" echo " -n, --net Create networks" echo " -v, --vm Create vms" echo " -c, --check Check connection" - echo " -x, --delete-tenants Delete tenants" + echo " -x, --delete-projects Delete projects" echo " -y, --delete-nets Delete networks" echo " -z, --delete-vms Delete vms" echo " -T, --test Test functions" @@ -412,7 +412,7 @@ function main { -v | --vm ) create_vms exit ;; - -t | --tenant ) create_tenants + -t | --project ) create_projects exit ;; -c | --check ) check_vms @@ -421,7 +421,7 @@ function main { -T | --test ) test_functions exit ;; - -x | --delete-tenants ) delete_tenants_and_users + -x | --delete-projects ) delete_projects_and_users exit ;; -y | --delete-nets ) delete_networks diff --git a/lib/cinder b/lib/cinder index e1e1f2a893..6401f2d59a 100644 --- a/lib/cinder +++ b/lib/cinder @@ -351,7 +351,7 @@ function configure_cinder { # Set os_privileged_user credentials (used for os-assisted-snapshots) iniset $CINDER_CONF DEFAULT os_privileged_user_name nova iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD" - iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME" + iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME" iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" } diff --git a/lib/glance b/lib/glance index c248611aef..4df231009a 100644 --- a/lib/glance +++ b/lib/glance @@ -143,7 +143,7 @@ function configure_glance { iniset $GLANCE_API_CONF glance_store stores "file, http, swift" iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" - iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift + iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3 iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default @@ -198,7 +198,7 @@ function configure_glance { iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0 iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name - iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME + iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password @@ -226,9 +226,9 @@ function configure_glance { # Project User Roles # --------------------------------------------------------------------- -# SERVICE_TENANT_NAME glance service -# SERVICE_TENANT_NAME glance-swift ResellerAdmin (if Swift is enabled) -# SERVICE_TENANT_NAME glance-search search (if Search is enabled) +# SERVICE_PROJECT_NAME glance service +# SERVICE_PROJECT_NAME glance-swift ResellerAdmin (if Swift is enabled) +# SERVICE_PROJECT_NAME glance-search search (if Search is enabled) function create_glance_accounts { if is_service_enabled g-api; then @@ -241,7 +241,7 @@ function create_glance_accounts { local glance_swift_user glance_swift_user=$(get_or_create_user "glance-swift" \ "$SERVICE_PASSWORD" "default" "glance-swift@example.com") - get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME + get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_PROJECT_NAME fi get_or_create_service "glance" "image" "Glance Image Service" diff --git a/lib/keystone b/lib/keystone index 7d5fd41f89..e33081cd9f 100644 --- a/lib/keystone +++ b/lib/keystone @@ -108,7 +108,7 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} # Bind hosts KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST} # Set the tenant for service accounts in Keystone -SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service} +SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service} # if we are running with SSL use https protocols if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then @@ -384,7 +384,7 @@ function create_keystone_accounts { get_or_add_user_domain_role $admin_role $admin_user default # Create service project/role - get_or_create_project "$SERVICE_TENANT_NAME" default + get_or_create_project "$SERVICE_PROJECT_NAME" default # Service role, so service users do not have to be admins get_or_create_role service @@ -458,7 +458,7 @@ function create_service_user { local user user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default) - get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME" + get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME" } # Configure the service to use the auth token middleware. @@ -479,7 +479,7 @@ function configure_auth_token_middleware { iniset $conf_file $section username $admin_user iniset $conf_file $section password $SERVICE_PASSWORD iniset $conf_file $section user_domain_id default - iniset $conf_file $section project_name $SERVICE_TENANT_NAME + iniset $conf_file $section project_name $SERVICE_PROJECT_NAME iniset $conf_file $section project_domain_id default iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI diff --git a/lib/neutron-legacy b/lib/neutron-legacy index 539b9ff551..ebf9825a27 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -483,7 +483,7 @@ function create_nova_conf_neutron { iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME" iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD" iniset $NOVA_CONF neutron user_domain_name "Default" - iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME" + iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME" iniset $NOVA_CONF neutron project_domain_name "Default" iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY" iniset $NOVA_CONF neutron region_name "$REGION_NAME" @@ -1169,7 +1169,7 @@ function _configure_neutron_service { iniset $NEUTRON_CONF nova username nova iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD iniset $NEUTRON_CONF nova user_domain_id default - iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME + iniset $NEUTRON_CONF nova project_name $SERVICE_PROJECT_NAME iniset $NEUTRON_CONF nova project_domain_id default iniset $NEUTRON_CONF nova region_name $REGION_NAME diff --git a/lib/nova b/lib/nova index cce538d3d7..fd458c5701 100644 --- a/lib/nova +++ b/lib/nova @@ -404,8 +404,8 @@ function configure_nova { # # Project User Roles # ------------------------------------------------------------------ -# SERVICE_TENANT_NAME nova admin -# SERVICE_TENANT_NAME nova ResellerAdmin (if Swift is enabled) +# SERVICE_PROJECT_NAME nova admin +# SERVICE_PROJECT_NAME nova ResellerAdmin (if Swift is enabled) function create_nova_accounts { # Nova @@ -444,7 +444,7 @@ function create_nova_accounts { if is_service_enabled swift; then # Nova needs ResellerAdmin role to download images when accessing # swift through the s3 api. - get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME + get_or_add_user_project_role ResellerAdmin nova $SERVICE_PROJECT_NAME fi fi diff --git a/lib/swift b/lib/swift index 947d2abdc0..b6c3ca49a3 100644 --- a/lib/swift +++ b/lib/swift @@ -450,7 +450,7 @@ auth_host = ${KEYSTONE_AUTH_HOST} auth_protocol = ${KEYSTONE_AUTH_PROTOCOL} cafile = ${SSL_BUNDLE_FILE} admin_user = swift -admin_tenant_name = ${SERVICE_TENANT_NAME} +admin_tenant_name = ${SERVICE_PROJECT_NAME} admin_password = ${SERVICE_PASSWORD} [filter:swift3] @@ -812,7 +812,7 @@ function swift_configure_tempurls { # note we are using swift credentials! OS_USERNAME=swift \ OS_PASSWORD=$SERVICE_PASSWORD \ - OS_PROJECT_NAME=$SERVICE_TENANT_NAME \ + OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \ openstack object store account \ set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY" } diff --git a/openrc b/openrc index 9bc0fd77f4..460cf14756 100644 --- a/openrc +++ b/openrc @@ -1,9 +1,9 @@ #!/usr/bin/env bash # -# source openrc [username] [tenantname] +# source openrc [username] [projectname] # -# Configure a set of credentials for $TENANT/$USERNAME: -# Set OS_TENANT_NAME to override the default tenant 'demo' +# Configure a set of credentials for $PROJECT/$USERNAME: +# Set OS_PROJECT_NAME to override the default project 'demo' # Set OS_USERNAME to override the default user name 'demo' # Set ADMIN_PASSWORD to set the password for 'admin' and 'demo' @@ -14,7 +14,7 @@ if [[ -n "$1" ]]; then OS_USERNAME=$1 fi if [[ -n "$2" ]]; then - OS_TENANT_NAME=$2 + OS_PROJECT_NAME=$2 fi # Find the other rc files @@ -34,13 +34,17 @@ fi # Get some necessary configuration source $RC_DIR/lib/tls -# The introduction of Keystone to the OpenStack ecosystem has standardized the -# term **tenant** as the entity that owns resources. In some places references -# still exist to the original Nova term **project** for this use. Also, -# **tenant_name** is preferred to **tenant_id**. -export OS_TENANT_NAME=${OS_TENANT_NAME:-demo} +# The OpenStack ecosystem has standardized the term **project** as the +# entity that owns resources. In some places **tenant** remains +# referenced, but in all cases this just means **project**. We will +# warn if we need to turn on legacy **tenant** support to have a +# working environment. +export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo} -# In addition to the owning entity (tenant), nova stores the entity performing +echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools." +export OS_TENANT_NAME=$OS_PROJECT_NAME + +# In addition to the owning entity (project), nova stores the entity performing # the action as the **user**. export OS_USERNAME=${OS_USERNAME:-demo} @@ -81,7 +85,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0} # Authenticating against an OpenStack cloud using Keystone returns a **Token** # and **Service Catalog**. The catalog contains the endpoints for all services -# the user/tenant has access to - including nova, glance, keystone, swift, ... +# the user/project has access to - including nova, glance, keystone, swift, ... # We currently recommend using the 2.0 *identity api*. # export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION} diff --git a/stack.sh b/stack.sh index 6dddea4e67..0be3585020 100755 --- a/stack.sh +++ b/stack.sh @@ -1210,7 +1210,7 @@ fi # Create an access key and secret key for Nova EC2 register image if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then - eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret) + eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret) iniset $NOVA_CONF DEFAULT s3_access_key "$access" iniset $NOVA_CONF DEFAULT s3_secret_key "$secret" iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"