openstack/devstack
Code Issues Proposed changes
ceca15db4d
devstack/openrc
Clint Byrum 52a3bebcfc Do not set OS_CACERT if there is no CA cert 
In openrc, if we set OS_CACERT, some things will expect it to be there
in pre-flight checks. But it may very well be missing. This "fails
closed" because if we find the file, we try to use it, but if we don't
find the file, and the user thought we should be using it, we'll just
not be able to verify the server's name, and the libs will fail on that.

Change-Id: Ia5d06afa74bc645c2f19711cfa37e57a377c329b
Closes-Bug: #1452036
2015-05-06 13:54:42 -07:00

100 lines
3.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
#
# source openrc [username] [tenantname]
#
# Configure a set of credentials for $TENANT/$USERNAME:
# Set OS_TENANT_NAME to override the default tenant 'demo'
# Set OS_USERNAME to override the default user name 'demo'
# Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
# NOTE: support for the old NOVA_* novaclient environment variables has
# been removed.
if [[ -n "$1" ]]; then
OS_USERNAME=$1
fi
if [[ -n "$2" ]]; then
OS_TENANT_NAME=$2
fi
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
# Import common functions
source $RC_DIR/functions
# Load local configuration
source $RC_DIR/stackrc
# Load the last env variables if available
if [[ -r $RC_DIR/.stackenv ]]; then
source $RC_DIR/.stackenv
fi
# Get some necessary configuration
source $RC_DIR/lib/tls
# The introduction of Keystone to the OpenStack ecosystem has standardized the
# term **tenant** as the entity that owns resources. In some places references
# still exist to the original Nova term **project** for this use. Also,
# **tenant_name** is preferred to **tenant_id**.
export OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
# In addition to the owning entity (tenant), nova stores the entity performing
# the action as the **user**.
export OS_USERNAME=${OS_USERNAME:-demo}
# With Keystone you pass the keystone password instead of an api key.
# Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
# or NOVA_PASSWORD.
export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
# Don't put the key into a keyring by default. Testing for development is much
# easier with this off.
export OS_NO_CACHE=${OS_NO_CACHE:-1}
# Region
export OS_REGION_NAME=${REGION_NAME:-RegionOne}
# Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint,
# which is convenient for some localrc configurations.
HOST_IP=${HOST_IP:-127.0.0.1}
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Some exercises call glance directly. On a single-node installation, Glance
# should be listening on HOST_IP. If its running elsewhere, it can be set here
GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
# Identity API version
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/tenant has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the 2.0 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
# If the file does not exist, this may confuse preflight sanity checks
if [ -e $DEFAULT_OS_CACERT ] ; then
export OS_CACERT=$DEFAULT_OS_CACERT
fi
fi
# Currently novaclient needs you to specify the *compute api* version. This
# needs to match the config of your catalog returned by Keystone.
export NOVA_VERSION=${NOVA_VERSION:-1.1}
# In the future this will change names:
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
# Currently cinderclient needs you to specify the *volume api* version. This
# needs to match the config of your catalog returned by Keystone.
export CINDER_VERSION=${CINDER_VERSION:-2}
export OS_VOLUME_API_VERSION=${OS_VOLUME_API_VERSION:-$CINDER_VERSION}
View Git Blame Copy Permalink