Revert "Revert "Convert identity defaults to keystone v3 api""
This reverts commit f768787bdd6dddf2790f83a884618d29677ca77c. And sets OS_AUTH_VERSION so swift CLI doesn't fall flat when not using v2 keystone Change-Id: If44a7e0d85e48020a3c90d8c5c027513129f0f3b
This commit is contained in:
parent
d2999d0d0c
commit
050a0d5b30
@ -88,9 +88,9 @@ function write_clouds_yaml {
|
||||
--file $CLOUDS_YAML \
|
||||
--os-cloud devstack \
|
||||
--os-region-name $REGION_NAME \
|
||||
--os-identity-api-version $IDENTITY_API_VERSION \
|
||||
--os-identity-api-version 3 \
|
||||
$CA_CERT_ARG \
|
||||
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
||||
--os-auth-url $KEYSTONE_AUTH_URI \
|
||||
--os-username demo \
|
||||
--os-password $ADMIN_PASSWORD \
|
||||
--os-project-name demo
|
||||
@ -98,9 +98,9 @@ function write_clouds_yaml {
|
||||
--file $CLOUDS_YAML \
|
||||
--os-cloud devstack-admin \
|
||||
--os-region-name $REGION_NAME \
|
||||
--os-identity-api-version $IDENTITY_API_VERSION \
|
||||
--os-identity-api-version 3 \
|
||||
$CA_CERT_ARG \
|
||||
--os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
||||
--os-auth-url $KEYSTONE_AUTH_URI \
|
||||
--os-username admin \
|
||||
--os-password $ADMIN_PASSWORD \
|
||||
--os-project-name admin
|
||||
@ -735,16 +735,13 @@ function policy_add {
|
||||
# Usage: get_or_create_domain <name> <description>
|
||||
function get_or_create_domain {
|
||||
local domain_id
|
||||
local os_url="$KEYSTONE_SERVICE_URI_V3"
|
||||
# Gets domain id
|
||||
domain_id=$(
|
||||
# Gets domain id
|
||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
||||
--os-identity-api-version=3 domain show $1 \
|
||||
openstack domain show $1 \
|
||||
-f value -c id 2>/dev/null ||
|
||||
# Creates new domain
|
||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
||||
--os-identity-api-version=3 domain create $1 \
|
||||
openstack domain create $1 \
|
||||
--description "$2" \
|
||||
-f value -c id
|
||||
)
|
||||
@ -755,13 +752,11 @@ function get_or_create_domain {
|
||||
# Usage: get_or_create_group <groupname> <domain> [<description>]
|
||||
function get_or_create_group {
|
||||
local desc="${3:-}"
|
||||
local os_url="$KEYSTONE_SERVICE_URI_V3"
|
||||
local group_id
|
||||
# Gets group id
|
||||
group_id=$(
|
||||
# Creates new group with --or-show
|
||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
||||
--os-identity-api-version=3 group create $1 \
|
||||
openstack group create $1 \
|
||||
--domain $2 --description "$desc" --or-show \
|
||||
-f value -c id
|
||||
)
|
||||
@ -783,8 +778,6 @@ function get_or_create_user {
|
||||
openstack user create \
|
||||
$1 \
|
||||
--password "$2" \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--domain=$3 \
|
||||
$email \
|
||||
--or-show \
|
||||
@ -799,9 +792,7 @@ function get_or_create_project {
|
||||
local project_id
|
||||
project_id=$(
|
||||
# Creates new project with --or-show
|
||||
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
project create $1 \
|
||||
openstack project create $1 \
|
||||
--domain=$2 \
|
||||
--or-show -f value -c id
|
||||
)
|
||||
@ -815,8 +806,6 @@ function get_or_create_role {
|
||||
role_id=$(
|
||||
# Creates role with --or-show
|
||||
openstack role create $1 \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--or-show -f value -c id
|
||||
)
|
||||
echo $role_id
|
||||
@ -829,8 +818,6 @@ function get_or_add_user_project_role {
|
||||
# Gets user role id
|
||||
user_role_id=$(openstack role list \
|
||||
--user $2 \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--column "ID" \
|
||||
--project $3 \
|
||||
--column "Name" \
|
||||
@ -839,13 +826,9 @@ function get_or_add_user_project_role {
|
||||
# Adds role to user and get it
|
||||
openstack role add $1 \
|
||||
--user $2 \
|
||||
--project $3 \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3
|
||||
--project $3
|
||||
user_role_id=$(openstack role list \
|
||||
--user $2 \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--column "ID" \
|
||||
--project $3 \
|
||||
--column "Name" \
|
||||
@ -860,21 +843,15 @@ function get_or_add_group_project_role {
|
||||
local group_role_id
|
||||
# Gets group role id
|
||||
group_role_id=$(openstack role list \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--group $2 \
|
||||
--project $3 \
|
||||
-c "ID" -f value)
|
||||
if [[ -z "$group_role_id" ]]; then
|
||||
# Adds role to group and get it
|
||||
openstack role add $1 \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--group $2 \
|
||||
--project $3
|
||||
group_role_id=$(openstack role list \
|
||||
--os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--group $2 \
|
||||
--project $3 \
|
||||
-c "ID" -f value)
|
||||
@ -892,8 +869,6 @@ function get_or_create_service {
|
||||
openstack service show $2 -f value -c id 2>/dev/null ||
|
||||
# Creates new service if not exists
|
||||
openstack service create \
|
||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
$2 \
|
||||
--name $1 \
|
||||
--description="$3" \
|
||||
@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {
|
||||
# gets support for this, the check for the region name can be removed.
|
||||
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
|
||||
endpoint_id=$(openstack endpoint list \
|
||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
--service $1 \
|
||||
--interface $2 \
|
||||
--region $4 \
|
||||
@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {
|
||||
if [[ -z "$endpoint_id" ]]; then
|
||||
# Creates new endpoint
|
||||
endpoint_id=$(openstack endpoint create \
|
||||
--os-url $KEYSTONE_SERVICE_URI_V3 \
|
||||
--os-identity-api-version=3 \
|
||||
$1 $2 $3 --region $4 -f value -c id)
|
||||
fi
|
||||
|
||||
|
@ -799,10 +799,10 @@ function stop_swift {
|
||||
|
||||
function swift_configure_tempurls {
|
||||
OS_USERNAME=swift \
|
||||
OS_TENANT_NAME=$SERVICE_TENANT_NAME \
|
||||
OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
|
||||
OS_PASSWORD=$SERVICE_PASSWORD \
|
||||
OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
|
||||
swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
|
||||
OS_AUTH_URL=$SERVICE_ENDPOINT \
|
||||
swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
|
15
stack.sh
15
stack.sh
@ -973,13 +973,15 @@ if is_service_enabled keystone; then
|
||||
start_keystone
|
||||
fi
|
||||
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
# Set up a temporary admin URI for Keystone
|
||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
|
||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
|
||||
|
||||
if is_service_enabled tls-proxy; then
|
||||
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
||||
# Until the client support is fixed, just use the internal endpoint
|
||||
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
|
||||
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
|
||||
fi
|
||||
|
||||
# Setup OpenStackClient token-endpoint auth
|
||||
@ -1003,14 +1005,13 @@ if is_service_enabled keystone; then
|
||||
# Begone token auth
|
||||
unset OS_TOKEN OS_URL
|
||||
|
||||
# force set to use v2 identity authentication even with v3 commands
|
||||
export OS_AUTH_TYPE=v2password
|
||||
|
||||
# Set up password auth credentials now that Keystone is bootstrapped
|
||||
export OS_AUTH_URL=$SERVICE_ENDPOINT
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_AUTH_URL=$KEYSTONE_AUTH_URI
|
||||
export OS_USERNAME=admin
|
||||
export OS_USER_DOMAIN_ID=default
|
||||
export OS_PASSWORD=$ADMIN_PASSWORD
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_PROJECT_DOMAIN_ID=default
|
||||
export OS_REGION_NAME=$REGION_NAME
|
||||
fi
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user