Some echo message contain error or warning message which better be contain in
stderr. And futher more some error message already contain in stderr, but for
error message reader, the following information for that echo should be
contained as well.
Change-Id: I2aac631df19829218d446150c91cf6d50aa5e7e7
Keystone shell is deprecated in this release, use openstack client
in heat-keystone-setup. And add a deprecation warning to this
script.
Change-Id: I11334f0c8b035723a11f42bcfea054fc358a3e9f
Closes-Bug: #1460884
Since the later logic will add role if the user role is not
found. "die_if_not_set" check will exit the main script.
Closes-Bug: #1389714
Change-Id: I995cf357d09267fee55e44575e3e301bcffebca3
Unset OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT temporarily to make
sure this command can run even if the OS_SERVICE_TOKEN and
OS_SERVICE_ENDPOIN exist in shell environment.
Remove die_if_not_set in get_data function, because there maybe no
data in get_data function, for example, if the heat user does not
exist, the die_if_not_set will be in error.
Remove die_if_not_set after keystone user-list for the same reason.
Change-Id: I132f975ac2da21e6ad7431ae326ad9bd538e4696
Closes-Bug: #1266670
get_column_num function searches the second line of command output,
to get the field number for a specific field.
But output of 'keystone user-list' may have an extra line: 'WARNING:
Bypassing authentication using a token & endpoint ...'
This messes up the functionality of get_column_num function
Closes-bug: #1260556
Change-Id: I8c6e7f939466154c5e31e6f019e20fb855e15878
Warn users, if heat-keystone-setup can only use localhost as $SERVICE_HOST.
And remove an extra whitespace.
Change-Id: I1b2a1b93212b6ab0ca092bb6c834255ee75176ca
When running heat-keystone-setup for the first time after (re)installing
openstack folsom, it fails, because the user-role-list is running *as* the
heat user, not reading the roles assigned to the heat user, which fails
because on a new install the heat user does not have the admin role.
Using the credentials from the environment means we run the command as
admin, but --user_id selects the roles for the heat user.
Change-Id: Ib2733e63f664d75be1e2e3bd43038bbd1dbebde8
Signed-off-by: Steven Hardy <shardy@redhat.com>
Change heat_instance role name to heat_stack_user after discussions
Change-Id: I14e95df0e02d82566f4758510ae38f6b26ccb532
Signed-off-by: Steven Hardy <shardy@redhat.com>
Add "heat_instance" role which we will assign all "instance users"
to in the engine when we create them
Ref #279
Change-Id: If7cc07c605f7696c1e9f617dbfca1b81d5b04196
Signed-off-by: Steven Hardy <shardy@redhat.com>
Keystone user-role-add syntax is not the same on essex
and folsom, so try both formats so we can work with either
Removes potentially unreliable approach to detecting keystone
version, and also avoids error on folsom when the user already
has the specified role
Fixes #272
Change-Id: Iece52223a29069a1fd517018cc49613be6fac318
Signed-off-by: Steven Hardy <shardy@redhat.com>
Folsom version of keystoneclient orders the columns for
keystone user-list differently, so we need to detect the
new format to extract the correct field
Fixes #273
Change-Id: I46f653dd3a8f7b5a68648fbd72671f95b386a547
Signed-off-by: Steven Hardy <shardy@redhat.com>
Handle upgrades of Heat by removing any outdated endpoints that exist in
keystone and adding any existing "heat" service user to an admin role in
the service tenant.
Change-Id: If6393417b5404a56b4723f42fb1a1b394d01cc6a
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This is consistent with what is implemented in devstack.
Change-Id: If47c28ddbef1d6c61e2d741f359d850e4ecffaa9
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This is required so that the REST API can take over the orchestration service type.
This will break exiting setups until heat-keystone-setup is re-run.
There will be a corresponding update to devstack, which may be out of sync to this one.
Make remaining keystone script check installed version of Nova and use
proper arguments to keystone.
closes #252
Change-Id: Ie4709891c7ca89d73390a3474e3d10beab449395
Signed-off-by: Jeff Peeler <jpeeler@redhat.com>