Merge "change tenant to project in keystone bootstrapping"

This commit is contained in:
Jenkins 2016-04-13 23:35:52 +00:00 committed by Gerrit Code Review
commit 2e23e64151

View File

@ -106,9 +106,9 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
# Bind hosts
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
# Set the tenant for service accounts in Keystone
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
# Set the project for service accounts in Keystone
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
# if we are running with SSL use https protocols
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
@ -335,7 +335,7 @@ function configure_keystone {
# create_keystone_accounts() - Sets up common required keystone accounts
# Tenant User Roles
# Project User Roles
# ------------------------------------------------------------------
# admin admin admin
# service -- --
@ -348,7 +348,7 @@ function configure_keystone {
# alt_demo alt_demo Member, anotherrole
# invisible_to_admin demo Member
# Group Users Roles Tenant
# Group Users Roles Project
# ------------------------------------------------------------------
# admins admin admin admin
# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo
@ -360,8 +360,8 @@ function create_keystone_accounts {
# The keystone bootstrapping process (performed via keystone-manage bootstrap)
# creates an admin user, admin role and admin project. As a sanity check
# we exercise the CLI to retrieve the IDs for these values.
local admin_tenant
admin_tenant=$(openstack project show "admin" -f value -c id)
local admin_project
admin_project=$(openstack project show "admin" -f value -c id)
local admin_user
admin_user=$(openstack user show "admin" -f value -c id)
local admin_role
@ -376,8 +376,8 @@ function create_keystone_accounts {
get_or_create_role service
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# The admin role in swift allows a user to act as an admin for their project,
# but ResellerAdmin is needed for a user to act as any project. The name of this
# role is also configurable in swift-proxy.conf
get_or_create_role ResellerAdmin
@ -390,32 +390,32 @@ function create_keystone_accounts {
local another_role
another_role=$(get_or_create_role "anotherrole")
# invisible tenant - admin can't see this one
local invis_tenant
invis_tenant=$(get_or_create_project "invisible_to_admin" default)
# invisible project - admin can't see this one
local invis_project
invis_project=$(get_or_create_project "invisible_to_admin" default)
# demo
local demo_tenant
demo_tenant=$(get_or_create_project "demo" default)
local demo_project
demo_project=$(get_or_create_project "demo" default)
local demo_user
demo_user=$(get_or_create_user "demo" \
"$ADMIN_PASSWORD" "default" "demo@example.com")
get_or_add_user_project_role $member_role $demo_user $demo_tenant
get_or_add_user_project_role $admin_role $admin_user $demo_tenant
get_or_add_user_project_role $another_role $demo_user $demo_tenant
get_or_add_user_project_role $member_role $demo_user $invis_tenant
get_or_add_user_project_role $member_role $demo_user $demo_project
get_or_add_user_project_role $admin_role $admin_user $demo_project
get_or_add_user_project_role $another_role $demo_user $demo_project
get_or_add_user_project_role $member_role $demo_user $invis_project
# alt_demo
local alt_demo_tenant
alt_demo_tenant=$(get_or_create_project "alt_demo" default)
local alt_demo_project
alt_demo_project=$(get_or_create_project "alt_demo" default)
local alt_demo_user
alt_demo_user=$(get_or_create_user "alt_demo" \
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_project
get_or_add_user_project_role $admin_role $admin_user $alt_demo_project
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
# groups
local admin_group
@ -425,11 +425,11 @@ function create_keystone_accounts {
non_admin_group=$(get_or_create_group "nonadmins" \
"default" "non-admin group")
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
get_or_add_group_project_role $member_role $non_admin_group $demo_project
get_or_add_group_project_role $another_role $non_admin_group $demo_project
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $admin_role $admin_group $admin_project
}
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.