Merge "change tenant to project in keystone bootstrapping"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
2e23e64151
56
lib/keystone
56
lib/keystone
@ -106,9 +106,9 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
|||||||
|
|
||||||
# Bind hosts
|
# Bind hosts
|
||||||
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
|
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
|
||||||
# Set the tenant for service accounts in Keystone
|
# Set the project for service accounts in Keystone
|
||||||
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
|
||||||
SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
|
SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
|
||||||
|
|
||||||
# if we are running with SSL use https protocols
|
# if we are running with SSL use https protocols
|
||||||
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||||
@ -335,7 +335,7 @@ function configure_keystone {
|
|||||||
|
|
||||||
# create_keystone_accounts() - Sets up common required keystone accounts
|
# create_keystone_accounts() - Sets up common required keystone accounts
|
||||||
|
|
||||||
# Tenant User Roles
|
# Project User Roles
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# admin admin admin
|
# admin admin admin
|
||||||
# service -- --
|
# service -- --
|
||||||
@ -348,7 +348,7 @@ function configure_keystone {
|
|||||||
# alt_demo alt_demo Member, anotherrole
|
# alt_demo alt_demo Member, anotherrole
|
||||||
# invisible_to_admin demo Member
|
# invisible_to_admin demo Member
|
||||||
|
|
||||||
# Group Users Roles Tenant
|
# Group Users Roles Project
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# admins admin admin admin
|
# admins admin admin admin
|
||||||
# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo
|
# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo
|
||||||
@ -360,8 +360,8 @@ function create_keystone_accounts {
|
|||||||
# The keystone bootstrapping process (performed via keystone-manage bootstrap)
|
# The keystone bootstrapping process (performed via keystone-manage bootstrap)
|
||||||
# creates an admin user, admin role and admin project. As a sanity check
|
# creates an admin user, admin role and admin project. As a sanity check
|
||||||
# we exercise the CLI to retrieve the IDs for these values.
|
# we exercise the CLI to retrieve the IDs for these values.
|
||||||
local admin_tenant
|
local admin_project
|
||||||
admin_tenant=$(openstack project show "admin" -f value -c id)
|
admin_project=$(openstack project show "admin" -f value -c id)
|
||||||
local admin_user
|
local admin_user
|
||||||
admin_user=$(openstack user show "admin" -f value -c id)
|
admin_user=$(openstack user show "admin" -f value -c id)
|
||||||
local admin_role
|
local admin_role
|
||||||
@ -376,8 +376,8 @@ function create_keystone_accounts {
|
|||||||
get_or_create_role service
|
get_or_create_role service
|
||||||
|
|
||||||
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
|
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
|
||||||
# The admin role in swift allows a user to act as an admin for their tenant,
|
# The admin role in swift allows a user to act as an admin for their project,
|
||||||
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
# but ResellerAdmin is needed for a user to act as any project. The name of this
|
||||||
# role is also configurable in swift-proxy.conf
|
# role is also configurable in swift-proxy.conf
|
||||||
get_or_create_role ResellerAdmin
|
get_or_create_role ResellerAdmin
|
||||||
|
|
||||||
@ -390,32 +390,32 @@ function create_keystone_accounts {
|
|||||||
local another_role
|
local another_role
|
||||||
another_role=$(get_or_create_role "anotherrole")
|
another_role=$(get_or_create_role "anotherrole")
|
||||||
|
|
||||||
# invisible tenant - admin can't see this one
|
# invisible project - admin can't see this one
|
||||||
local invis_tenant
|
local invis_project
|
||||||
invis_tenant=$(get_or_create_project "invisible_to_admin" default)
|
invis_project=$(get_or_create_project "invisible_to_admin" default)
|
||||||
|
|
||||||
# demo
|
# demo
|
||||||
local demo_tenant
|
local demo_project
|
||||||
demo_tenant=$(get_or_create_project "demo" default)
|
demo_project=$(get_or_create_project "demo" default)
|
||||||
local demo_user
|
local demo_user
|
||||||
demo_user=$(get_or_create_user "demo" \
|
demo_user=$(get_or_create_user "demo" \
|
||||||
"$ADMIN_PASSWORD" "default" "demo@example.com")
|
"$ADMIN_PASSWORD" "default" "demo@example.com")
|
||||||
|
|
||||||
get_or_add_user_project_role $member_role $demo_user $demo_tenant
|
get_or_add_user_project_role $member_role $demo_user $demo_project
|
||||||
get_or_add_user_project_role $admin_role $admin_user $demo_tenant
|
get_or_add_user_project_role $admin_role $admin_user $demo_project
|
||||||
get_or_add_user_project_role $another_role $demo_user $demo_tenant
|
get_or_add_user_project_role $another_role $demo_user $demo_project
|
||||||
get_or_add_user_project_role $member_role $demo_user $invis_tenant
|
get_or_add_user_project_role $member_role $demo_user $invis_project
|
||||||
|
|
||||||
# alt_demo
|
# alt_demo
|
||||||
local alt_demo_tenant
|
local alt_demo_project
|
||||||
alt_demo_tenant=$(get_or_create_project "alt_demo" default)
|
alt_demo_project=$(get_or_create_project "alt_demo" default)
|
||||||
local alt_demo_user
|
local alt_demo_user
|
||||||
alt_demo_user=$(get_or_create_user "alt_demo" \
|
alt_demo_user=$(get_or_create_user "alt_demo" \
|
||||||
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
|
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
|
||||||
|
|
||||||
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
|
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_project
|
||||||
get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
|
get_or_add_user_project_role $admin_role $admin_user $alt_demo_project
|
||||||
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
|
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
|
||||||
|
|
||||||
# groups
|
# groups
|
||||||
local admin_group
|
local admin_group
|
||||||
@ -425,11 +425,11 @@ function create_keystone_accounts {
|
|||||||
non_admin_group=$(get_or_create_group "nonadmins" \
|
non_admin_group=$(get_or_create_group "nonadmins" \
|
||||||
"default" "non-admin group")
|
"default" "non-admin group")
|
||||||
|
|
||||||
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
|
get_or_add_group_project_role $member_role $non_admin_group $demo_project
|
||||||
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
|
get_or_add_group_project_role $another_role $non_admin_group $demo_project
|
||||||
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
|
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
|
||||||
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
|
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
|
||||||
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
|
get_or_add_group_project_role $admin_role $admin_group $admin_project
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
|
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user