diff --git a/lib/ceilometer b/lib/ceilometer index 4ca77bb72b..6c87d03b13 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -71,33 +71,33 @@ function is_ceilometer_enabled { create_ceilometer_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") # Ceilometer if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then - CEILOMETER_USER=$(keystone user-create \ - --name=ceilometer \ - --pass="$SERVICE_PASSWORD" \ - --tenant_id $SERVICE_TENANT \ - --email=ceilometer@example.com \ + CEILOMETER_USER=$(openstack user create \ + ceilometer \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email ceilometer@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $CEILOMETER_USER \ - --role-id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $CEILOMETER_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - CEILOMETER_SERVICE=$(keystone service-create \ - --name=ceilometer \ + CEILOMETER_SERVICE=$(openstack service create \ + ceilometer \ --type=metering \ --description="OpenStack Telemetry Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $CEILOMETER_SERVICE \ --region RegionOne \ - --service_id $CEILOMETER_SERVICE \ - --publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT" \ - --adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT" \ - --internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT" + --publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ + --adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ + --internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" fi fi } diff --git a/lib/cinder b/lib/cinder index d5e78bb39c..c8c90c098d 100644 --- a/lib/cinder +++ b/lib/cinder @@ -330,45 +330,44 @@ function configure_cinder() { # Migrated from keystone_data.sh create_cinder_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") # Cinder if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then - CINDER_USER=$(keystone user-create \ - --name=cinder \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=cinder@example.com \ + CINDER_USER=$(openstack user create \ + cinder \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email cinder@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $CINDER_USER \ - --role-id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $CINDER_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - CINDER_SERVICE=$(keystone service-create \ - --name=cinder \ + CINDER_SERVICE=$(openstack service create \ + cinder \ --type=volume \ --description="Cinder Volume Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $CINDER_SERVICE \ --region RegionOne \ - --service_id $CINDER_SERVICE \ --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" - CINDER_V2_SERVICE=$(keystone service-create \ - --name=cinderv2 \ + CINDER_V2_SERVICE=$(openstack service create \ + cinderv2 \ --type=volumev2 \ --description="Cinder Volume Service V2" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $CINDER_V2_SERVICE \ --region RegionOne \ - --service_id $CINDER_V2_SERVICE \ --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" - fi fi } diff --git a/lib/ironic b/lib/ironic index 3c0e3cbaf7..607b13125a 100644 --- a/lib/ironic +++ b/lib/ironic @@ -145,30 +145,30 @@ function create_ironic_cache_dir() { # service ironic admin # if enabled create_ironic_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") # Ironic if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then - IRONIC_USER=$(keystone user-create \ - --name=ironic \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=ironic@example.com \ + IRONIC_USER=$(openstack user create \ + ironic \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email ironic@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user_id $IRONIC_USER \ - --role_id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $IRONIC_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - IRONIC_SERVICE=$(keystone service-create \ - --name=ironic \ + IRONIC_SERVICE=$(openstack service create \ + ironic \ --type=baremetal \ --description="Ironic baremetal provisioning service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $IRONIC_SERVICE \ --region RegionOne \ - --service_id $IRONIC_SERVICE \ --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" diff --git a/lib/keystone b/lib/keystone index 4f7f68b57f..bf0dcbb1bb 100644 --- a/lib/keystone +++ b/lib/keystone @@ -275,60 +275,69 @@ function configure_keystone() { create_keystone_accounts() { # admin - ADMIN_TENANT=$(keystone tenant-create \ - --name admin \ + ADMIN_TENANT=$(openstack project create \ + admin \ | grep " id " | get_field 2) - ADMIN_USER=$(keystone user-create \ - --name admin \ - --pass "$ADMIN_PASSWORD" \ + ADMIN_USER=$(openstack user create \ + admin \ + --project "$ADMIN_TENANT" \ --email admin@example.com \ + --password "$ADMIN_PASSWORD" \ | grep " id " | get_field 2) - ADMIN_ROLE=$(keystone role-create \ - --name admin \ + ADMIN_ROLE=$(openstack role create \ + admin \ | grep " id " | get_field 2) - keystone user-role-add \ - --user-id $ADMIN_USER \ - --role-id $ADMIN_ROLE \ - --tenant-id $ADMIN_TENANT + openstack role add \ + $ADMIN_ROLE \ + --project $ADMIN_TENANT \ + --user $ADMIN_USER # service - SERVICE_TENANT=$(keystone tenant-create \ - --name $SERVICE_TENANT_NAME \ + SERVICE_TENANT=$(openstack project create \ + $SERVICE_TENANT_NAME \ | grep " id " | get_field 2) # The Member role is used by Horizon and Swift so we need to keep it: - MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2) + MEMBER_ROLE=$(openstack role create \ + Member \ + | grep " id " | get_field 2) # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used # TODO(sleepsonthefloor): show how this can be used for rbac in the future! - ANOTHER_ROLE=$(keystone role-create --name=anotherrole | grep " id " | get_field 2) + ANOTHER_ROLE=$(openstack role create \ + anotherrole \ + | grep " id " | get_field 2) # invisible tenant - admin can't see this one - INVIS_TENANT=$(keystone tenant-create --name=invisible_to_admin | grep " id " | get_field 2) + INVIS_TENANT=$(openstack project create \ + invisible_to_admin \ + | grep " id " | get_field 2) # demo - DEMO_TENANT=$(keystone tenant-create \ - --name=demo \ + DEMO_TENANT=$(openstack project create \ + demo \ | grep " id " | get_field 2) - DEMO_USER=$(keystone user-create \ - --name demo \ - --pass "$ADMIN_PASSWORD" \ + DEMO_USER=$(openstack user create \ + demo \ + --project $DEMO_TENANT \ --email demo@example.com \ + --password "$ADMIN_PASSWORD" \ | grep " id " | get_field 2) - keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT - keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT - keystone user-role-add --user-id $DEMO_USER --role-id $ANOTHER_ROLE --tenant-id $DEMO_TENANT - keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT + + openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE + openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE + openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE + openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE # Keystone if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - KEYSTONE_SERVICE=$(keystone service-create \ - --name keystone \ + KEYSTONE_SERVICE=$(openstack service create \ + keystone \ --type identity \ --description "Keystone Identity Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $KEYSTONE_SERVICE \ --region RegionOne \ - --service_id $KEYSTONE_SERVICE \ --publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \ --adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \ --internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" diff --git a/lib/marconi b/lib/marconi index 7c8fd14255..88312cb1bd 100644 --- a/lib/marconi +++ b/lib/marconi @@ -151,27 +151,29 @@ function stop_marconi() { } function create_marconi_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - MARCONI_USER=$(get_id keystone user-create --name=marconi \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=marconi@example.com \ - | grep " id " | get_field 2) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $MARCONI_USER \ - --role-id $ADMIN_ROLE + MARCONI_USER=$(openstack user create \ + marconi \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email marconi@example.com \ + | grep " id " | get_field 2) + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $MARCONI_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - MARCONI_SERVICE=$(keystone service-create \ - --name=marconi \ + MARCONI_SERVICE=$(openstack service create \ + marconi \ --type=queuing \ --description="Marconi Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $MARCONI_SERVICE \ --region RegionOne \ - --service_id $MARCONI_SERVICE \ --publicurl "http://$SERVICE_HOST:8888" \ --adminurl "http://$SERVICE_HOST:8888" \ --internalurl "http://$SERVICE_HOST:8888" diff --git a/lib/neutron b/lib/neutron index 5bd38bcf73..df276c71d5 100644 --- a/lib/neutron +++ b/lib/neutron @@ -332,29 +332,29 @@ function create_neutron_cache_dir() { # Migrated from keystone_data.sh function create_neutron_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then - NEUTRON_USER=$(keystone user-create \ - --name=neutron \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=neutron@example.com \ + NEUTRON_USER=$(openstack user create \ + neutron \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email neutron@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $NEUTRON_USER \ - --role-id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $NEUTRON_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - NEUTRON_SERVICE=$(keystone service-create \ - --name=neutron \ + NEUTRON_SERVICE=$(openstack service create \ + neutron \ --type=network \ --description="Neutron Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $NEUTRON_SERVICE \ --region RegionOne \ - --service_id $NEUTRON_SERVICE \ --publicurl "http://$SERVICE_HOST:9696/" \ --adminurl "http://$SERVICE_HOST:9696/" \ --internalurl "http://$SERVICE_HOST:9696/" @@ -363,7 +363,7 @@ function create_neutron_accounts() { } function create_neutron_initial_network() { - TENANT_ID=$(keystone tenant-list | grep " demo " | get_field 1) + TENANT_ID=$(openstack project list | grep " demo " | get_field 1) die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo" # Create a small network diff --git a/lib/nova b/lib/nova index d90aea7108..fefeda1236 100644 --- a/lib/nova +++ b/lib/nova @@ -324,41 +324,41 @@ function configure_nova() { # Migrated from keystone_data.sh create_nova_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") # Nova if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then - NOVA_USER=$(keystone user-create \ - --name=nova \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=nova@example.com \ + NOVA_USER=$(openstack user create \ + nova \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email nova@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $NOVA_USER \ - --role-id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $NOVA_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - NOVA_SERVICE=$(keystone service-create \ - --name=nova \ + NOVA_SERVICE=$(openstack service create \ + nova \ --type=compute \ --description="Nova Compute Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $NOVA_SERVICE \ --region RegionOne \ - --service_id $NOVA_SERVICE \ --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" - NOVA_V3_SERVICE=$(keystone service-create \ - --name=novav3 \ + NOVA_V3_SERVICE=$(openstack service create \ + novav3 \ --type=computev3 \ --description="Nova Compute Service V3" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $NOVA_V3_SERVICE \ --region RegionOne \ - --service_id $NOVA_V3_SERVICE \ --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" diff --git a/lib/savanna b/lib/savanna index 6f42311971..43c5e386fe 100644 --- a/lib/savanna +++ b/lib/savanna @@ -54,29 +54,29 @@ TEMPEST_SERVICES+=,savanna # service savanna admin function create_savanna_accounts() { - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - SAVANNA_USER=$(keystone user-create \ - --name=savanna \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=savanna@example.com \ + SAVANNA_USER=$(openstack user create \ + savanna \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email savanna@example.com \ | grep " id " | get_field 2) - keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $SAVANNA_USER \ - --role-id $ADMIN_ROLE + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $SAVANNA_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - SAVANNA_SERVICE=$(keystone service-create \ - --name=savanna \ + SAVANNA_SERVICE=$(openstack service create \ + savanna \ --type=data_processing \ --description="Savanna Data Processing" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $SAVANNA_SERVICE \ --region RegionOne \ - --service_id $SAVANNA_SERVICE \ --publicurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ --adminurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ --internalurl "$SAVANNA_SERVICE_PROTOCOL://$SAVANNA_SERVICE_HOST:$SAVANNA_SERVICE_PORT/v1.1/\$(tenant_id)s" diff --git a/lib/swift b/lib/swift index be25c81468..df586abe8b 100644 --- a/lib/swift +++ b/lib/swift @@ -527,39 +527,53 @@ function create_swift_accounts() { KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql} - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - SWIFT_USER=$(keystone user-create --name=swift --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT --email=swift@example.com | grep " id " | get_field 2) - keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE + SWIFT_USER=$(openstack user create \ + swift \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email=swift@example.com \ + | grep " id " | get_field 2) + openstack role add \ + $ADMIN_ROLE \ + --project $SERVICE_TENANT \ + --user $SWIFT_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - SWIFT_SERVICE=$(keystone service-create --name=swift --type="object-store" \ - --description="Swift Service" | grep " id " | get_field 2) - keystone endpoint-create \ + SWIFT_SERVICE=$(openstack service create \ + swift \ + --type="object-store" \ + --description="Swift Service" \ + | grep " id " | get_field 2) + openstack endpoint create \ + $SWIFT_SERVICE \ --region RegionOne \ - --service_id $SWIFT_SERVICE \ --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ --adminurl "http://$SERVICE_HOST:8080" \ --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" fi - SWIFT_TENANT_TEST1=$(keystone tenant-create --name=swifttenanttest1 | grep " id " | get_field 2) + SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2) die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1" - SWIFT_USER_TEST1=$(keystone user-create --name=swiftusertest1 --pass=$SWIFTUSERTEST1_PASSWORD --email=test@example.com | grep " id " | get_field 2) + SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \ + --project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2) die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" - keystone user-role-add --user-id $SWIFT_USER_TEST1 --role-id $ADMIN_ROLE --tenant-id $SWIFT_TENANT_TEST1 + openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE - SWIFT_USER_TEST3=$(keystone user-create --name=swiftusertest3 --pass=$SWIFTUSERTEST3_PASSWORD --email=test3@example.com | grep " id " | get_field 2) + SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \ + --project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2) die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3" - keystone user-role-add --user-id $SWIFT_USER_TEST3 --role-id $ANOTHER_ROLE --tenant-id $SWIFT_TENANT_TEST1 + openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE - SWIFT_TENANT_TEST2=$(keystone tenant-create --name=swifttenanttest2 | grep " id " | get_field 2) + SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2) die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2" - SWIFT_USER_TEST2=$(keystone user-create --name=swiftusertest2 --pass=$SWIFTUSERTEST2_PASSWORD --email=test2@example.com | grep " id " | get_field 2) + + SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \ + --project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2) die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2" - keystone user-role-add --user-id $SWIFT_USER_TEST2 --role-id $ADMIN_ROLE --tenant-id $SWIFT_TENANT_TEST2 + openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE } # init_swift() - Initialize rings diff --git a/lib/trove b/lib/trove index bb4549121d..5e1bbd548d 100644 --- a/lib/trove +++ b/lib/trove @@ -71,28 +71,29 @@ function setup_trove_logging() { create_trove_accounts() { # Trove - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - SERVICE_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then - TROVE_USER=$(keystone user-create \ - --name=trove \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=trove@example.com \ + TROVE_USER=$(openstack user create \ + trove \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email trove@example.com \ | grep " id " | get_field 2) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $TROVE_USER \ - --role-id $SERVICE_ROLE + openstack role add \ + $SERVICE_ROLE \ + --project $SERVICE_TENANT \ + --user $TROVE_USER if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - TROVE_SERVICE=$(keystone service-create \ - --name=trove \ + TROVE_SERVICE=$(openstack service create + trove \ --type=database \ --description="Trove Service" \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ + $TROVE_SERVICE \ --region RegionOne \ - --service_id $TROVE_SERVICE \ --publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ --adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ --internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" diff --git a/stack.sh b/stack.sh index c153132485..e5d87cca11 100755 --- a/stack.sh +++ b/stack.sh @@ -925,6 +925,9 @@ if is_service_enabled key; then # Do the keystone-specific bits from keystone_data.sh export OS_SERVICE_TOKEN=$SERVICE_TOKEN export OS_SERVICE_ENDPOINT=$SERVICE_ENDPOINT + # Add temporarily to make openstackclient work + export OS_TOKEN=$SERVICE_TOKEN + export OS_URL=$SERVICE_ENDPOINT create_keystone_accounts create_nova_accounts create_cinder_accounts @@ -947,6 +950,7 @@ if is_service_enabled key; then bash -x $FILES/keystone_data.sh # Set up auth creds now that keystone is bootstrapped + unset OS_TOKEN OS_URL export OS_AUTH_URL=$SERVICE_ENDPOINT export OS_TENANT_NAME=admin export OS_USERNAME=admin