Merge "Adds support for multi-region"

README.md

@@ -330,6 +330,25 @@ which includes the following, with the IP address of the above controller node:
     Q_HOST=$SERVICE_HOST
     MATCHMAKER_REDIS_HOST=$SERVICE_HOST
 
+# Multi-Region Setup
+
+We want to setup two devstack (RegionOne and RegionTwo) with shared keystone
+(same users and services) and horizon.
+Keystone and Horizon will be located in RegionOne.
+Full spec is available at:
+https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat.
+
+In RegionOne:
+
+    REGION_NAME=RegionOne
+
+In RegionTwo:
+
+    disable_service horizon
+    KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
+    KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
+    REGION_NAME=RegionTwo
+
 # Cells
 
 Cells is a new scaling option with a full spec at:

functions-common

@@ -719,6 +719,109 @@ function policy_add {
     mv ${tmpfile} ${policy_file}
 }
 
+# Gets or creates user
+# Usage: get_or_create_user <username> <password> <project> <email>
+function get_or_create_user {
+    # Gets user id
+    USER_ID=$(
+        # Gets user id
+        openstack user show $1 -f value -c id 2>/dev/null ||
+        # Creates new user
+        openstack user create \
+            $1 \
+            --password "$2" \
+            --project $3 \
+            --email $4 \
+            -f value -c id
+    )
+    echo $USER_ID
+}
+
+# Gets or creates project
+# Usage: get_or_create_project <name>
+function get_or_create_project {
+    # Gets project id
+    PROJECT_ID=$(
+        # Gets project id
+        openstack project show $1 -f value -c id 2>/dev/null ||
+        # Creates new project if not exists
+        openstack project create $1 -f value -c id
+    )
+    echo $PROJECT_ID
+}
+
+# Gets or creates role
+# Usage: get_or_create_role <name>
+function get_or_create_role {
+    ROLE_ID=$(
+        # Gets role id
+        openstack role show $1 -f value -c id 2>/dev/null ||
+        # Creates role if not exists
+        openstack role create $1 -f value -c id
+    )
+    echo $ROLE_ID
+}
+
+# Gets or adds user role
+# Usage: get_or_add_user_role <role> <user> <project>
+function get_or_add_user_role {
+    # Gets user role id
+    USER_ROLE_ID=$(openstack user role list \
+        $2 \
+        --project $3 \
+        --column "ID" \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$USER_ROLE_ID" ]]; then
+        # Adds role to user
+        USER_ROLE_ID=$(openstack role add \
+            $1 \
+            --user $2 \
+            --project $3 \
+            | grep " id " | get_field 2)
+    fi
+    echo $USER_ROLE_ID
+}
+
+# Gets or creates service
+# Usage: get_or_create_service <name> <type> <description>
+function get_or_create_service {
+    # Gets service id
+    SERVICE_ID=$(
+        # Gets service id
+        openstack service show $1 -f value -c id 2>/dev/null ||
+        # Creates new service if not exists
+        openstack service create \
+            $1 \
+            --type=$2 \
+            --description="$3" \
+            -f value -c id
+    )
+    echo $SERVICE_ID
+}
+
+# Gets or creates endpoint
+# Usage: get_or_create_endpoint <service> <region> <publicurl> <adminurl> <internalurl>
+function get_or_create_endpoint {
+    # Gets endpoint id
+    ENDPOINT_ID=$(openstack endpoint list \
+        --column "ID" \
+        --column "Region" \
+        --column "Service Name" \
+        | grep " $2 " \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$ENDPOINT_ID" ]]; then
+        # Creates new endpoint
+        ENDPOINT_ID=$(openstack endpoint create \
+            $1 \
+            --region $2 \
+            --publicurl $3 \
+            --adminurl $4 \
+            --internalurl $5 \
+            | grep " id " | get_field 2)
+    fi
+    echo $ENDPOINT_ID
+}
 
 # Package Functions
 # =================

lib/ceilometer

@@ -84,35 +84,22 @@ create_ceilometer_accounts() {
 
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
-        CEILOMETER_USER=$(openstack user create \
+        CEILOMETER_USER=$(get_or_create_user "ceilometer" \
-            ceilometer \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "ceilometer@example.com")
-            --password "$SERVICE_PASSWORD" \
+        get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT
-            --project $SERVICE_TENANT \
+
-            --email ceilometer@example.com \
-            | grep " id " | get_field 2)
-        openstack role add \
-            $ADMIN_ROLE \
-            --project $SERVICE_TENANT \
-            --user $CEILOMETER_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            CEILOMETER_SERVICE=$(openstack service create \
+            CEILOMETER_SERVICE=$(get_or_create_service "ceilometer" \
-                ceilometer \
+                "metering" "OpenStack Telemetry Service")
-                --type=metering \
+            get_or_create_endpoint $CEILOMETER_SERVICE \
-                --description="OpenStack Telemetry Service" \
+                "$REGION_NAME" \
-                | grep " id " | get_field 2)
+                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-            openstack endpoint create \
+                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-                $CEILOMETER_SERVICE \
+                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
-                --region RegionOne \
-                --publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-                --adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-                --internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
         fi
         if is_service_enabled swift; then
             # Ceilometer needs ResellerAdmin role to access swift account stats.
-            openstack role add \
+            get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
-                --project $SERVICE_TENANT_NAME \
-                --user ceilometer \
-                ResellerAdmin
         fi
     fi
 }

lib/cinder

@@ -339,39 +339,26 @@ function create_cinder_accounts {
 
     # Cinder
     if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
-        CINDER_USER=$(openstack user create \
+
-            cinder \
+        CINDER_USER=$(get_or_create_user "cinder" \
-            --password "$SERVICE_PASSWORD" \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "cinder@example.com")
-            --project $SERVICE_TENANT \
+        get_or_add_user_role $ADMIN_ROLE $CINDER_USER $SERVICE_TENANT
-            --email cinder@example.com \
+
-            | grep " id " | get_field 2)
-        openstack role add \
-            $ADMIN_ROLE \
-            --project $SERVICE_TENANT \
-            --user $CINDER_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            CINDER_SERVICE=$(openstack service create \
+
-                cinder \
+            CINDER_SERVICE=$(get_or_create_service "cinder" \
-                --type=volume \
+                "volume" "Cinder Volume Service")
-                --description="Cinder Volume Service" \
+            get_or_create_endpoint $CINDER_SERVICE "$REGION_NAME" \
-                | grep " id " | get_field 2)
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-            openstack endpoint create \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-                $CINDER_SERVICE \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
-                --region RegionOne \
+
-                --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+            CINDER_V2_SERVICE=$(get_or_create_service "cinderv2" \
-                --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+                "volumev2" "Cinder Volume Service V2")
-                --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
+            get_or_create_endpoint $CINDER_V2_SERVICE "$REGION_NAME" \
-            CINDER_V2_SERVICE=$(openstack service create \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
-                cinderv2 \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
-                --type=volumev2 \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
-                --description="Cinder Volume Service V2" \
-                | grep " id " | get_field 2)
-            openstack endpoint create \
-                $CINDER_V2_SERVICE \
-                --region RegionOne \
-                --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
-                --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
-                --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
         fi
     fi
 }

lib/glance

@@ -164,36 +164,28 @@ function configure_glance {
 
 function create_glance_accounts {
     if is_service_enabled g-api; then
-        openstack user create \
+
-            --password "$SERVICE_PASSWORD" \
+        GLANCE_USER=$(get_or_create_user "glance" \
-            --project $SERVICE_TENANT_NAME \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance@example.com")
-            glance
+        get_or_add_user_role service $GLANCE_USER $SERVICE_TENANT_NAME
-        openstack role add \
+
-            --project $SERVICE_TENANT_NAME \
-            --user glance \
-            service
         # required for swift access
         if is_service_enabled s-proxy; then
-            openstack user create \
+
-                --password "$SERVICE_PASSWORD" \
+            GLANCE_SWIFT_USER=$(get_or_create_user "glance-swift" \
-                --project $SERVICE_TENANT_NAME \
+                "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com")
-                glance-swift
+            get_or_add_user_role "ResellerAdmin" $GLANCE_SWIFT_USER $SERVICE_TENANT_NAME
-            openstack role add \
-                --project $SERVICE_TENANT_NAME \
-                --user glance-swift \
-                ResellerAdmin
         fi
+
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            openstack service create \
+
-                --type image \
+            GLANCE_SERVICE=$(get_or_create_service "glance" \
-                --description "Glance Image Service" \
+                "image" "Glance Image Service")
-                glance
+            get_or_create_endpoint $GLANCE_SERVICE \
-            openstack endpoint create \
+                "$REGION_NAME" \
-                --region RegionOne \
+                "http://$GLANCE_HOSTPORT" \
-                --publicurl "http://$GLANCE_HOSTPORT" \
+                "http://$GLANCE_HOSTPORT" \
-                --adminurl "http://$GLANCE_HOSTPORT" \
+                "http://$GLANCE_HOSTPORT"
-                --internalurl "http://$GLANCE_HOSTPORT" \
-                glance
         fi
     fi
 }

lib/heat

@@ -98,6 +98,8 @@ function configure_heat {
     iniset $HEAT_CONF database connection `database_connection_url heat`
     iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`
 
+    iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME"
+
     # logging
     iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
@@ -214,57 +216,44 @@ function create_heat_accounts {
     SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    HEAT_USER=$(openstack user create \
+    HEAT_USER=$(get_or_create_user "heat" \
-        heat \
+        "$SERVICE_PASSWORD" $SERVICE_TENANT "heat@example.com")
-        --password "$SERVICE_PASSWORD" \
+    get_or_add_user_role $ADMIN_ROLE $HEAT_USER $SERVICE_TENANT
-        --project $SERVICE_TENANT \
+
-        --email heat@example.com \
-        | grep " id " | get_field 2)
-    openstack role add \
-        $ADMIN_ROLE \
-        --project $SERVICE_TENANT \
-        --user $HEAT_USER
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-        HEAT_SERVICE=$(openstack service create \
+
-            heat \
+        HEAT_SERVICE=$(get_or_create_service "heat" \
-            --type=orchestration \
+                "orchestration" "Heat Orchestration Service")
-            --description="Heat Orchestration Service" \
+        get_or_create_endpoint $HEAT_SERVICE \
-            | grep " id " | get_field 2)
+            "$REGION_NAME" \
-        openstack endpoint create \
+            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
-                $HEAT_SERVICE \
+            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
-                --region RegionOne \
+            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
-                --publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+
-                --adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+        HEAT_CFN_SERVICE=$(get_or_create_service "heat-cfn" \
-                --internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
+                "cloudformation" "Heat CloudFormation Service")
-        HEAT_CFN_SERVICE=$(openstack service create \
+        get_or_create_endpoint $HEAT_CFN_SERVICE \
-            heat \
+            "$REGION_NAME" \
-            --type=cloudformation \
+            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-            --description="Heat CloudFormation Service" \
+            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-            | grep " id " | get_field 2)
+            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
-        openstack endpoint create \
-                $HEAT_CFN_SERVICE \
-                --region RegionOne \
-                --publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-                --adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-                --internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
     fi
 
     # heat_stack_user role is for users created by Heat
-    openstack role create heat_stack_user
+    get_or_create_role "heat_stack_user"
 
     if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
+
         # heat_stack_owner role is given to users who create Heat stacks,
         # it's the default role used by heat to delegate to the heat service
         # user (for performing deferred operations via trusts), see heat.conf
-        HEAT_OWNER_ROLE=$(openstack role create \
+        HEAT_OWNER_ROLE=$(get_or_create_role "heat_stack_owner")
-            heat_stack_owner \
-            | grep " id " | get_field 2)
 
         # Give the role to the demo and admin users so they can create stacks
         # in either of the projects created by devstack
-        openstack role add $HEAT_OWNER_ROLE --project demo --user demo
+        get_or_add_user_role $HEAT_OWNER_ROLE demo demo
-        openstack role add $HEAT_OWNER_ROLE --project demo --user admin
+        get_or_add_user_role $HEAT_OWNER_ROLE admin demo
-        openstack role add $HEAT_OWNER_ROLE --project admin --user admin
+        get_or_add_user_role $HEAT_OWNER_ROLE admin admin
         iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
     fi
 
@@ -272,21 +261,27 @@ function create_heat_accounts {
         # Note we have to pass token/endpoint here because the current endpoint and
         # version negotiation in OSC means just --os-identity-api-version=3 won't work
         KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
-        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
-            --os-identity-api-version=3 domain create heat \
-            --description "Owns users and projects created by heat" \
-            | grep ' id ' | get_field 2)
-        iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
 
-        openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
-            --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
+            --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
-            --domain $D_ID heat_domain_admin \
+
-            --description "Manages users and projects created by heat"
+        if [[ -z "$D_ID" ]]; then
-        openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+            D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
-            --os-identity-api-version=3 role add \
+                --os-identity-api-version=3 domain create heat \
-            --user heat_domain_admin --domain ${D_ID} admin
+                --description "Owns users and projects created by heat" \
-        iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
+                | grep ' id ' | get_field 2)
-        iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
+            iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
+
+            openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+                --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
+                --domain $D_ID heat_domain_admin \
+                --description "Manages users and projects created by heat"
+            openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+                --os-identity-api-version=3 role add \
+                --user heat_domain_admin --domain ${D_ID} admin
+            iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
+            iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
+        fi
     fi
 }
 

lib/ironic

@@ -223,28 +223,21 @@ function create_ironic_accounts {
 
     # Ironic
     if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
-        IRONIC_USER=$(openstack user create \
+        # Get ironic user if exists
-            ironic \
+
-            --password "$SERVICE_PASSWORD" \
+        IRONIC_USER=$(get_or_create_user "ironic" \
-            --project $SERVICE_TENANT \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "ironic@example.com")
-            --email ironic@example.com \
+        get_or_add_user_role $ADMIN_ROLE $IRONIC_USER $SERVICE_TENANT
-            | grep " id " | get_field 2)
+
-        openstack role add \
-            $ADMIN_ROLE \
-            --project $SERVICE_TENANT \
-            --user $IRONIC_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            IRONIC_SERVICE=$(openstack service create \
+
-                ironic \
+            IRONIC_SERVICE=$(get_or_create_service "ironic" \
-                --type=baremetal \
+                "baremetal" "Ironic baremetal provisioning service")
-                --description="Ironic baremetal provisioning service" \
+            get_or_create_endpoint $IRONIC_SERVICE \
-                | grep " id " | get_field 2)
+                "$REGION_NAME" \
-            openstack endpoint create \
+                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                $IRONIC_SERVICE \
+                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                --region RegionOne \
+                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
-                --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
         fi
     fi
 }

lib/keystone

@@ -278,6 +278,8 @@ function configure_keystone {
         iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
         _config_keystone_apache_wsgi
     fi
+
+    iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
 }
 
 function configure_keystone_extensions {
@@ -316,79 +318,55 @@ function configure_keystone_extensions {
 function create_keystone_accounts {
 
     # admin
-    ADMIN_TENANT=$(openstack project create \
+    ADMIN_TENANT=$(get_or_create_project "admin")
-        admin \
+    ADMIN_USER=$(get_or_create_user "admin" \
-        | grep " id " | get_field 2)
+        "$ADMIN_PASSWORD" "$ADMIN_TENANT" "admin@example.com")
-    ADMIN_USER=$(openstack user create \
+    ADMIN_ROLE=$(get_or_create_role "admin")
-        admin \
+    get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $ADMIN_TENANT
-        --project "$ADMIN_TENANT" \
-        --email admin@example.com \
-        --password "$ADMIN_PASSWORD" \
-        | grep " id " | get_field 2)
-    ADMIN_ROLE=$(openstack role create \
-        admin \
-        | grep " id " | get_field 2)
-    openstack role add \
-        $ADMIN_ROLE \
-        --project $ADMIN_TENANT \
-        --user $ADMIN_USER
 
     # Create service project/role
-    openstack project create $SERVICE_TENANT_NAME
+    get_or_create_project "$SERVICE_TENANT_NAME"
 
     # Service role, so service users do not have to be admins
-    openstack role create service
+    get_or_create_role service
 
     # The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
     # The admin role in swift allows a user to act as an admin for their tenant,
     # but ResellerAdmin is needed for a user to act as any tenant. The name of this
     # role is also configurable in swift-proxy.conf
-    openstack role create ResellerAdmin
+    get_or_create_role ResellerAdmin
 
     # The Member role is used by Horizon and Swift so we need to keep it:
-    MEMBER_ROLE=$(openstack role create \
+    MEMBER_ROLE=$(get_or_create_role "Member")
-        Member \
+
-        | grep " id " | get_field 2)
     # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
     # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
-    ANOTHER_ROLE=$(openstack role create \
+
-        anotherrole \
+    ANOTHER_ROLE=$(get_or_create_role "anotherrole")
-        | grep " id " | get_field 2)
 
     # invisible tenant - admin can't see this one
-    INVIS_TENANT=$(openstack project create \
+    INVIS_TENANT=$(get_or_create_project "invisible_to_admin")
-        invisible_to_admin \
-        | grep " id " | get_field 2)
 
     # demo
-    DEMO_TENANT=$(openstack project create \
+    DEMO_TENANT=$(get_or_create_project "demo")
-        demo \
+    DEMO_USER=$(get_or_create_user "demo" \
-        | grep " id " | get_field 2)
+        "$ADMIN_PASSWORD" "$DEMO_TENANT" "demo@example.com")
-    DEMO_USER=$(openstack user create \
-        demo \
-        --project $DEMO_TENANT \
-        --email demo@example.com \
-        --password "$ADMIN_PASSWORD" \
-        | grep " id " | get_field 2)
 
-    openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE
+    get_or_add_user_role $MEMBER_ROLE $DEMO_USER $DEMO_TENANT
-    openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE
+    get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $DEMO_TENANT
-    openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE
+    get_or_add_user_role $ANOTHER_ROLE $DEMO_USER $DEMO_TENANT
-    openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE
+    get_or_add_user_role $MEMBER_ROLE $DEMO_USER $INVIS_TENANT
 
     # Keystone
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-        KEYSTONE_SERVICE=$(openstack service create \
+
-            keystone \
+        KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
-            --type identity \
+            "identity" "Keystone Identity Service")
-            --description "Keystone Identity Service" \
+        get_or_create_endpoint $KEYSTONE_SERVICE \
-            | grep " id " | get_field 2)
+            "$REGION_NAME" \
-        openstack endpoint create \
+            "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
-            $KEYSTONE_SERVICE \
+            "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
-            --region RegionOne \
+            "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
-            --publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
-            --adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
-            --internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
     fi
 }
 

lib/marconi

@@ -178,29 +178,19 @@ function create_marconi_accounts {
     SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    MARCONI_USER=$(openstack user create \
+    MARCONI_USER=$(get_or_create_user "marconi" \
-        marconi \
+        "$SERVICE_PASSWORD" $SERVICE_TENANT "marconi@example.com")
-        --password "$SERVICE_PASSWORD" \
+    get_or_add_user_role $ADMIN_ROLE $MARCONI_USER $SERVICE_TENANT
-        --project $SERVICE_TENANT \
-        --email marconi@example.com \
-        | grep " id " | get_field 2)
-    openstack role add \
-        $ADMIN_ROLE \
-        --project $SERVICE_TENANT \
-        --user $MARCONI_USER
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-        MARCONI_SERVICE=$(openstack service create \
+
-            marconi \
+        MARCONI_SERVICE=$(get_or_create_service "marconi" \
-            --type=queuing \
+            "queuing" "Marconi Service")
-            --description="Marconi Service" \
+        get_or_create_endpoint $MARCONI_SERVICE \
-            | grep " id " | get_field 2)
+            "$REGION_NAME" \
-        openstack endpoint create \
+            "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
-            $MARCONI_SERVICE \
+            "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
-            --region RegionOne \
+            "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
-            --publicurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
-            --adminurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
-            --internalurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
     fi
 
 }

lib/neutron

@@ -307,7 +307,7 @@ function create_nova_conf_neutron {
     iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
     iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
     iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
-    iniset $NOVA_CONF neutron region_name "RegionOne"
+    iniset $NOVA_CONF neutron region_name "$REGION_NAME"
     iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT"
 
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
@@ -350,28 +350,20 @@ function create_neutron_accounts {
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
     if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
-        NEUTRON_USER=$(openstack user create \
+
-            neutron \
+        NEUTRON_USER=$(get_or_create_user "neutron" \
-            --password "$SERVICE_PASSWORD" \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "neutron@example.com")
-            --project $SERVICE_TENANT \
+        get_or_add_user_role $ADMIN_ROLE $NEUTRON_USER $SERVICE_TENANT
-            --email neutron@example.com \
+
-            | grep " id " | get_field 2)
-        openstack role add \
-            $ADMIN_ROLE \
-            --project $SERVICE_TENANT \
-            --user $NEUTRON_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            NEUTRON_SERVICE=$(openstack service create \
+
-                neutron \
+            NEUTRON_SERVICE=$(get_or_create_service "neutron" \
-                --type=network \
+                "network" "Neutron Service")
-                --description="Neutron Service" \
+            get_or_create_endpoint $NEUTRON_SERVICE \
-                | grep " id " | get_field 2)
+                "$REGION_NAME" \
-            openstack endpoint create \
+                "http://$SERVICE_HOST:9696/" \
-                $NEUTRON_SERVICE \
+                "http://$SERVICE_HOST:9696/" \
-                --region RegionOne \
+                "http://$SERVICE_HOST:9696/"
-                --publicurl "http://$SERVICE_HOST:9696/" \
-                --adminurl "http://$SERVICE_HOST:9696/" \
-                --internalurl "http://$SERVICE_HOST:9696/"
         fi
     fi
 }

lib/nova

@@ -333,39 +333,28 @@ create_nova_accounts() {
 
     # Nova
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
-        NOVA_USER=$(openstack user create \
+
-            nova \
+        NOVA_USER=$(get_or_create_user "nova" \
-            --password "$SERVICE_PASSWORD" \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "nova@example.com")
-            --project $SERVICE_TENANT \
+        get_or_add_user_role $ADMIN_ROLE $NOVA_USER $SERVICE_TENANT
-            --email nova@example.com \
+
-            | grep " id " | get_field 2)
-        openstack role add \
-            $ADMIN_ROLE \
-            --project $SERVICE_TENANT \
-            --user $NOVA_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            NOVA_SERVICE=$(openstack service create \
+
-                nova \
+            NOVA_SERVICE=$(get_or_create_service "nova" \
-                --type=compute \
+                "compute" "Nova Compute Service")
-                --description="Nova Compute Service" \
+            get_or_create_endpoint $NOVA_SERVICE \
-                | grep " id " | get_field 2)
+                "$REGION_NAME" \
-            openstack endpoint create \
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
-                $NOVA_SERVICE \
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
-                --region RegionOne \
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
-                --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
+
-                --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
+            NOVA_V3_SERVICE=$(get_or_create_service "novav3" \
-                --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
+                "computev3" "Nova Compute Service V3")
-            NOVA_V3_SERVICE=$(openstack service create \
+            get_or_create_endpoint $NOVA_V3_SERVICE \
-                novav3 \
+                "$REGION_NAME" \
-                --type=computev3 \
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
-                --description="Nova Compute Service V3" \
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
-                | grep " id " | get_field 2)
+                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
-            openstack endpoint create \
-                $NOVA_V3_SERVICE \
-                --region RegionOne \
-                --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
-                --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
-                --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
         fi
     fi
 
@@ -374,40 +363,32 @@ create_nova_accounts() {
         if is_service_enabled swift; then
             # Nova needs ResellerAdmin role to download images when accessing
             # swift through the s3 api.
-            openstack role add \
+            get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME
-                --project $SERVICE_TENANT_NAME \
-                --user nova \
-                ResellerAdmin
         fi
 
         # EC2
         if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
-            openstack service create \
+
-                --type ec2 \
+            EC2_SERVICE=$(get_or_create_service "ec2" \
-                --description "EC2 Compatibility Layer" \
+                "ec2" "EC2 Compatibility Layer")
-                ec2
+            get_or_create_endpoint $EC2_SERVICE \
-            openstack endpoint create \
+                "$REGION_NAME" \
-                --region RegionOne \
+                "http://$SERVICE_HOST:8773/services/Cloud" \
-                --publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
+                "http://$SERVICE_HOST:8773/services/Admin" \
-                --adminurl "http://$SERVICE_HOST:8773/services/Admin" \
+                "http://$SERVICE_HOST:8773/services/Cloud"
-                --internalurl "http://$SERVICE_HOST:8773/services/Cloud" \
-                ec2
         fi
     fi
 
     # S3
     if is_service_enabled n-obj swift3; then
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            openstack service create \
+
-                --type s3 \
+            S3_SERVICE=$(get_or_create_service "s3" "s3" "S3")
-                --description "S3" \
+            get_or_create_endpoint $S3_SERVICE \
-                s3
+                "$REGION_NAME" \
-            openstack endpoint create \
+                "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
-                --region RegionOne \
+                "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
-                --publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
+                "http://$SERVICE_HOST:$S3_SERVICE_PORT"
-                --adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
-                --internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
-                s3
         fi
     fi
 }

lib/sahara

@@ -60,29 +60,19 @@ function create_sahara_accounts {
     SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    SAHARA_USER=$(openstack user create \
+    SAHARA_USER=$(get_or_create_user "sahara" \
-        sahara \
+        "$SERVICE_PASSWORD" $SERVICE_TENANT "sahara@example.com")
-        --password "$SERVICE_PASSWORD" \
+    get_or_add_user_role $ADMIN_ROLE $SAHARA_USER $SERVICE_TENANT
-        --project $SERVICE_TENANT \
-        --email sahara@example.com \
-        | grep " id " | get_field 2)
-    openstack role add \
-        $ADMIN_ROLE \
-        --project $SERVICE_TENANT \
-        --user $SAHARA_USER
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-        SAHARA_SERVICE=$(openstack service create \
+
-            sahara \
+        SAHARA_SERVICE=$(get_or_create_service "sahara" \
-            --type=data_processing \
+            "data_processing" "Sahara Data Processing")
-            --description="Sahara Data Processing" \
+        get_or_create_endpoint $SAHARA_SERVICE \
-            | grep " id " | get_field 2)
+            "$REGION_NAME" \
-        openstack endpoint create \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            $SAHARA_SERVICE \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            --region RegionOne \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
-            --publicurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            --adminurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            --internalurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
     fi
 }
 

lib/swift

@@ -547,50 +547,40 @@ function create_swift_accounts {
     SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    SWIFT_USER=$(openstack user create \
+    SWIFT_USER=$(get_or_create_user "swift" \
-        swift \
+        "$SERVICE_PASSWORD" $SERVICE_TENANT "swift@example.com")
-        --password "$SERVICE_PASSWORD" \
+    get_or_add_user_role $ADMIN_ROLE $SWIFT_USER $SERVICE_TENANT
-        --project $SERVICE_TENANT \
-        --email=swift@example.com \
-        | grep " id " | get_field 2)
-    openstack role add \
-        $ADMIN_ROLE \
-        --project $SERVICE_TENANT \
-        --user $SWIFT_USER
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-        SWIFT_SERVICE=$(openstack service create \
+
-            swift \
+        SWIFT_SERVICE=$(get_or_create_service "swift" \
-            --type="object-store" \
+            "object-store" "Swift Service")
-            --description="Swift Service" \
+        get_or_create_endpoint $SWIFT_SERVICE \
-            | grep " id " | get_field 2)
+            "$REGION_NAME" \
-        openstack endpoint create \
+            "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
-            $SWIFT_SERVICE \
+            "http://$SERVICE_HOST:8080" \
-            --region RegionOne \
+            "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
-            --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
-            --adminurl "http://$SERVICE_HOST:8080" \
-            --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
     fi
 
-    SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2)
+    SWIFT_TENANT_TEST1=$(get_or_create_project swifttenanttest1)
     die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1"
-    SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \
+    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \
-        --project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2)
+        "$SWIFT_TENANT_TEST1" "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
-    openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE
+    get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST1 $SWIFT_TENANT_TEST1
 
-    SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \
+    SWIFT_USER_TEST3=$(get_or_create_user swiftusertest3 $SWIFTUSERTEST3_PASSWORD \
-        --project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2)
+        "$SWIFT_TENANT_TEST1" "test3@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3"
-    openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE
+    get_or_add_user_role $ANOTHER_ROLE $SWIFT_USER_TEST3 $SWIFT_TENANT_TEST1
 
-    SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2)
+    SWIFT_TENANT_TEST2=$(get_or_create_project swifttenanttest2)
     die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2"
 
-    SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \
+    SWIFT_USER_TEST2=$(get_or_create_user swiftusertest2 $SWIFTUSERTEST2_PASSWORD \
-        --project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2)
+        "$SWIFT_TENANT_TEST2" "test2@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2"
-    openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE
+    get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST2 $SWIFT_TENANT_TEST2
 }
 
 # init_swift() - Initialize rings

lib/tempest

@@ -397,16 +397,9 @@ function create_tempest_accounts {
     if is_service_enabled tempest; then
         # Tempest has some tests that validate various authorization checks
         # between two regular users in separate tenants
-        openstack project create \
+        get_or_create_project alt_demo
-            alt_demo
+        get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"
-        openstack user create \
+        get_or_add_user_role Member alt_demo alt_demo
-            --project alt_demo \
-            --password "$ADMIN_PASSWORD" \
-            alt_demo
-        openstack role add \
-            --project alt_demo \
-            --user alt_demo \
-            Member
     fi
 }
 

lib/trove

@@ -81,28 +81,20 @@ function create_trove_accounts {
     SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
     if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
-        TROVE_USER=$(openstack user create \
+
-            trove \
+        TROVE_USER=$(get_or_create_user "trove" \
-            --password "$SERVICE_PASSWORD" \
+            "$SERVICE_PASSWORD" $SERVICE_TENANT "trove@example.com")
-            --project $SERVICE_TENANT \
+        get_or_add_user_role $SERVICE_ROLE $TROVE_USER $SERVICE_TENANT
-            --email trove@example.com \
+
-            | grep " id " | get_field 2)
-        openstack role add \
-            $SERVICE_ROLE \
-            --project $SERVICE_TENANT \
-            --user $TROVE_USER
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            TROVE_SERVICE=$(openstack service create \
+
-                trove \
+            TROVE_SERVICE=$(get_or_create_service "trove" \
-                --type=database \
+                "database" "Trove Service")
-                --description="Trove Service" \
+            get_or_create_endpoint $TROVE_SERVICE \
-                | grep " id " | get_field 2)
+                "$REGION_NAME" \
-            openstack endpoint create \
+                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                $TROVE_SERVICE \
+                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                --region RegionOne \
+                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
-                --publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                --adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                --internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
         fi
     fi
 }

openrc

@@ -53,12 +53,16 @@ export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
 # easier with this off.
 export OS_NO_CACHE=${OS_NO_CACHE:-1}
 
+# Region
+export OS_REGION_NAME=${REGION_NAME:-RegionOne}
+
 # Set api HOST_IP endpoint.  SERVICE_HOST may also be used to specify the endpoint,
 # which is convenient for some localrc configurations.
 HOST_IP=${HOST_IP:-127.0.0.1}
 SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
 SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
 KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
+KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
 
 # Some exercises call glance directly.  On a single-node installation, Glance
 # should be listening on HOST_IP.  If its running elsewhere, it can be set here
@@ -72,7 +76,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
 # the user/tenant has access to - including nova, glance, keystone, swift, ...
 # We currently recommend using the 2.0 *identity api*.
 #
-export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:5000/v${OS_IDENTITY_API_VERSION}
+export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
 
 # Set the pointer to our CA certificate chain.  Harmless if TLS is not used.
 export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}

stack.sh

@@ -729,8 +729,10 @@ git_clone $OPENSTACKCLIENT_REPO $OPENSTACKCLIENT_DIR $OPENSTACKCLIENT_BRANCH
 setup_develop $OPENSTACKCLIENT_DIR
 
 if is_service_enabled key; then
-    install_keystone
+    if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
-    configure_keystone
+        install_keystone
+        configure_keystone
+    fi
 fi
 
 if is_service_enabled s-proxy; then
@@ -929,8 +931,11 @@ fi
 
 if is_service_enabled key; then
     echo_summary "Starting Keystone"
-    init_keystone
+
-    start_keystone
+    if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
+        init_keystone
+        start_keystone
+    fi
 
     # Set up a temporary admin URI for Keystone
     SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
@@ -971,6 +976,7 @@ if is_service_enabled key; then
     export OS_TENANT_NAME=admin
     export OS_USERNAME=admin
     export OS_PASSWORD=$ADMIN_PASSWORD
+    export OS_REGION_NAME=$REGION_NAME
 fi
 
 

stackrc

@@ -19,6 +19,9 @@ else
     STACK_USER=$(whoami)
 fi
 
+# Specify region name Region
+REGION_NAME=${REGION_NAME:-RegionOne}
+
 # Specify which services to launch.  These generally correspond to
 # screen tabs. To change the default list, use the ``enable_service`` and
 # ``disable_service`` functions in ``local.conf``.