Merge "Prepare for dropping keystone admin endpoint"
This commit is contained in:
Zuul
Gerrit Code Review
commit
46e74f339d
@ -47,7 +47,7 @@ KILL_PATH="$(which kill)"
|
||||
|
||||
# Save these variables to .stackenv
|
||||
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
|
||||
KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
|
||||
KEYSTONE_SERVICE_URI \
|
||||
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
|
||||
HOST_IPV6 SERVICE_IP_VERSION"
|
||||
|
||||
|
||||
@ -208,8 +208,7 @@ function configure_glance {
|
||||
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
|
||||
|
||||
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI
|
||||
fi
|
||||
|
||||
# Format logging
|
||||
@ -221,7 +220,7 @@ function configure_glance {
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
|
||||
|
||||
@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide
|
||||
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
|
||||
|
||||
# V3 URIs
|
||||
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
|
||||
KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3
|
||||
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
|
||||
|
||||
# Security compliance
|
||||
@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware {
|
||||
local section=${3:-keystone_authtoken}
|
||||
|
||||
iniset $conf_file $section auth_type password
|
||||
iniset $conf_file $section interface public
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $conf_file $section username $admin_user
|
||||
iniset $conf_file $section password $SERVICE_PASSWORD
|
||||
@ -561,7 +562,6 @@ function stop_keystone {
|
||||
# - ``KEYSTONE_BIN_DIR``
|
||||
# - ``ADMIN_PASSWORD``
|
||||
# - ``IDENTITY_API_VERSION``
|
||||
# - ``KEYSTONE_AUTH_URI``
|
||||
# - ``REGION_NAME``
|
||||
# - ``KEYSTONE_SERVICE_PROTOCOL``
|
||||
# - ``KEYSTONE_SERVICE_HOST``
|
||||
|
||||
@ -372,7 +372,7 @@ function configure_mutnauq {
|
||||
function create_nova_conf_neutron {
|
||||
local conf=${1:-$NOVA_CONF}
|
||||
iniset $conf neutron auth_type "password"
|
||||
iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI"
|
||||
iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
|
||||
iniset $conf neutron username "$Q_ADMIN_USERNAME"
|
||||
iniset $conf neutron password "$SERVICE_PASSWORD"
|
||||
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
|
||||
@ -46,7 +46,7 @@ function configure_nova_hypervisor {
|
||||
iniset $NOVA_CONF ironic auth_type password
|
||||
iniset $NOVA_CONF ironic username admin
|
||||
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
|
||||
iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI
|
||||
iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $NOVA_CONF ironic project_domain_id default
|
||||
iniset $NOVA_CONF ironic user_domain_id default
|
||||
iniset $NOVA_CONF ironic project_name demo
|
||||
|
||||
@ -527,7 +527,7 @@ function configure_swift {
|
||||
else
|
||||
iniset ${testfile} func_test auth_port 80
|
||||
fi
|
||||
iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI}
|
||||
iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI}
|
||||
if [[ "$auth_vers" == "3" ]]; then
|
||||
iniset ${testfile} func_test auth_prefix /identity/v3/
|
||||
else
|
||||
|
||||
4
openrc
4
openrc
@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password
|
||||
|
||||
# If you don't have a working .stackenv, this is the backup position
|
||||
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
|
||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
|
||||
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
|
||||
|
||||
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI}
|
||||
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
|
||||
|
||||
# Currently, in order to use openstackclient with Identity API v3,
|
||||
# we need to set the domain which the user and project belong to.
|
||||
|
||||
2
stack.sh
2
stack.sh
@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <<EOF
|
||||
|
||||
# Set up password auth credentials now that Keystone is bootstrapped
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
export OS_AUTH_URL=$KEYSTONE_AUTH_URI
|
||||
export OS_AUTH_URL=$KEYSTONE_SERVICE_URI
|
||||
export OS_USERNAME=admin
|
||||
export OS_USER_DOMAIN_ID=default
|
||||
export OS_PASSWORD=$ADMIN_PASSWORD
|
||||
|
||||
Loading…
Reference in New Issue
Block a user