Convert identity defaults to keystone v3 api

At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.

Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
Jamie Lennox 2015-05-29 08:36:40 +00:00
parent b1ea5eacbc
commit 4b115ad526
2 changed files with 12 additions and 38 deletions


@ -687,16 +687,13 @@ function policy_add {
# Usage: get_or_create_domain <name> <description> # Usage: get_or_create_domain <name> <description>
function get_or_create_domain { function get_or_create_domain {
local domain_id local domain_id
local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id # Gets domain id
domain_id=$( domain_id=$(
# Gets domain id # Gets domain id
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack domain show $1 \
--os-identity-api-version=3 domain show $1 \
-f value -c id 2>/dev/null || -f value -c id 2>/dev/null ||
# Creates new domain # Creates new domain
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack domain create $1 \
--os-identity-api-version=3 domain create $1 \
--description "$2" \ --description "$2" \
-f value -c id -f value -c id
) )
@ -707,13 +704,11 @@ function get_or_create_domain {
# Usage: get_or_create_group <groupname> <domain> [<description>] # Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group { function get_or_create_group {
local desc="${3:-}" local desc="${3:-}"
local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id local group_id
# Gets group id # Gets group id
group_id=$( group_id=$(
# Creates new group with --or-show # Creates new group with --or-show
openstack --os-token=$OS_TOKEN --os-url=$os_url \ openstack group create $1 \
--os-identity-api-version=3 group create $1 \
--domain $2 --description "$desc" --or-show \ --domain $2 --description "$desc" --or-show \
-f value -c id -f value -c id
) )
@ -735,8 +730,6 @@ function get_or_create_user {
openstack user create \ openstack user create \
$1 \ $1 \
--password "$2" \ --password "$2" \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--domain=$3 \ --domain=$3 \
$email \ $email \
--or-show \ --or-show \
@ -751,9 +744,7 @@ function get_or_create_project {
local project_id local project_id
project_id=$( project_id=$(
# Creates new project with --or-show # Creates new project with --or-show
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ openstack project create $1 \
--os-identity-api-version=3 \
project create $1 \
--domain=$2 \ --domain=$2 \
--or-show -f value -c id --or-show -f value -c id
) )
@ -767,8 +758,6 @@ function get_or_create_role {
role_id=$( role_id=$(
# Creates role with --or-show # Creates role with --or-show
openstack role create $1 \ openstack role create $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--or-show -f value -c id --or-show -f value -c id
) )
echo $role_id echo $role_id
@ -781,8 +770,6 @@ function get_or_add_user_project_role {
# Gets user role id # Gets user role id
user_role_id=$(openstack role list \ user_role_id=$(openstack role list \
--user $2 \ --user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--column "ID" \ --column "ID" \
--project $3 \ --project $3 \
--column "Name" \ --column "Name" \
@ -793,8 +780,6 @@ function get_or_add_user_project_role {
$1 \ $1 \
--user $2 \ --user $2 \
--project $3 \ --project $3 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
| grep " id " | get_field 2) | grep " id " | get_field 2)
fi fi
echo $user_role_id echo $user_role_id
@ -806,21 +791,15 @@ function get_or_add_group_project_role {
local group_role_id local group_role_id
# Gets group role id # Gets group role id
group_role_id=$(openstack role list \ group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
-c "ID" -f value) -c "ID" -f value)
if [[ -z "$group_role_id" ]]; then if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it # Adds role to group and get it
openstack role add $1 \ openstack role add $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 --project $3
group_role_id=$(openstack role list \ group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
-c "ID" -f value) -c "ID" -f value)
@ -838,8 +817,6 @@ function get_or_create_service {
openstack service show $2 -f value -c id 2>/dev/null || openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists # Creates new service if not exists
openstack service create \ openstack service create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$2 \ $2 \
--name $1 \ --name $1 \
--description="$3" \ --description="$3" \
@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface {
# gets support for this, the check for the region name can be removed. # gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \ endpoint_id=$(openstack endpoint list \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--service $1 \ --service $1 \
--interface $2 \ --interface $2 \
--region $4 \ --region $4 \
@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface {
if [[ -z "$endpoint_id" ]]; then if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint # Creates new endpoint
endpoint_id=$(openstack endpoint create \ endpoint_id=$(openstack endpoint create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id) $1 $2 $3 --region $4 -f value -c id)
fi fi
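Review bot: In get_or_create_domain the lookup `openstack domain show $1 -f value -c id 2>/dev/null ||` now takes its endpoint, credentials and identity API version from the caller's environment, and because stderr is discarded an authentication or API-version failure looks the same as "domain not found" and falls through to `domain create`. get_or_create_service has the same `service show $2 ... 2>/dev/null ||` shape. I would state the prerequisite in each helper's header comment, e.g. `# Requires v3 credentials and OS_IDENTITY_API_VERSION=3 in the environment`, and consider keeping stderr on the show call so a misconfigured environment is visible. As a style point, the positional arguments on the rewritten lines (`$1`, `--domain $2`, `--project $3`) are unquoted; `"$1"` etc. would avoid word splitting on names containing spaces. Most of these function bodies start or end outside the hunks shown.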


@ -987,13 +987,15 @@ if is_service_enabled keystone; then
start_keystone start_keystone
fi fi
export OS_IDENTITY_API_VERSION=3
# Set up a temporary admin URI for Keystone # Set up a temporary admin URI for Keystone
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint # Until the client support is fixed, just use the internal endpoint
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi fi
# Setup OpenStackClient token-endpoint auth # Setup OpenStackClient token-endpoint auth
@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then
# Begone token auth # Begone token auth
unset OS_TOKEN OS_URL unset OS_TOKEN OS_URL
# force set to use v2 identity authentication even with v3 commands
export OS_AUTH_TYPE=v2password
# Set up password auth credentials now that Keystone is bootstrapped # Set up password auth credentials now that Keystone is bootstrapped
export OS_AUTH_URL=$SERVICE_ENDPOINT export OS_AUTH_URL=$KEYSTONE_AUTH_URI
export OS_TENANT_NAME=admin
export OS_USERNAME=admin export OS_USERNAME=admin
export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD export OS_PASSWORD=$ADMIN_PASSWORD
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME export OS_REGION_NAME=$REGION_NAME
fi fi
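Review bot: In the second hunk `export OS_AUTH_URL=$KEYSTONE_AUTH_URI` replaces `$SERVICE_ENDPOINT`, so with tls-proxy enabled the admin password no longer goes to the endpoint the first hunk's comment describes ("Until the client support is fixed, just use the internal endpoint"). The token bootstrap still uses `http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3`, i.e. plain HTTP to the internal port, while password auth presumably goes through the proxied URI verified with `OS_CACERT`. If that split is intended, the comment should say so, e.g. `# Token bootstrap only: uses the internal endpoint; password auth below uses KEYSTONE_AUTH_URI`. Also, `export OS_IDENTITY_API_VERSION=3` appears to sit inside the `is_service_enabled keystone` block, which begins outside the hunk; the helpers that lost their explicit `--os-identity-api-version=3` flag in this commit rely on it, so it is worth confirming it is exported on every path that calls them.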