openstack/devstack
Code Issues Proposed changes

Merge "Use devstack-system-admin for keystone objects creation"

Browse Source
This commit is contained in:
Zuul 2022-02-21 15:22:08 +00:00 committed by Gerrit Code Review
commit 5e7dad1146
2 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
functions-common
View File

@ -878,10 +878,10 @@ function get_or_create_domain {
# Gets domain id # Gets domain id
domain_id=$( domain_id=$(
# Gets domain id # Gets domain id
openstack domain show $1 \ openstack --os-cloud devstack-system-admin domain show $1 \
-f value -c id 2>/dev/null || -f value -c id 2>/dev/null ||
# Creates new domain # Creates new domain
openstack domain create $1 \ openstack --os-cloud devstack-system-admin domain create $1 \
--description "$2" \ --description "$2" \
-f value -c id -f value -c id
) )
@ -896,7 +896,7 @@ function get_or_create_group {
# Gets group id # Gets group id
group_id=$( group_id=$(
# Creates new group with --or-show # Creates new group with --or-show
openstack group create $1 \ openstack --os-cloud devstack-system-admin group create $1 \
--domain $2 --description "$desc" --or-show \ --domain $2 --description "$desc" --or-show \
-f value -c id -f value -c id
) )
@ -915,7 +915,7 @@ function get_or_create_user {
# Gets user id # Gets user id
user_id=$( user_id=$(
# Creates new user with --or-show # Creates new user with --or-show
openstack user create \ openstack --os-cloud devstack-system-admin user create \
$1 \ $1 \
--password "$2" \ --password "$2" \
--domain=$3 \ --domain=$3 \
@ -932,7 +932,7 @@ function get_or_create_project {
local project_id local project_id
project_id=$( project_id=$(
# Creates new project with --or-show # Creates new project with --or-show
openstack project create $1 \ openstack --os-cloud devstack-system-admin project create $1 \
--domain=$2 \ --domain=$2 \
--or-show -f value -c id --or-show -f value -c id
) )
@ -945,7 +945,7 @@ function get_or_create_role {
local role_id local role_id
role_id=$( role_id=$(
# Creates role with --or-show # Creates role with --or-show
openstack role create $1 \ openstack --os-cloud devstack-system-admin role create $1 \
--or-show -f value -c id --or-show -f value -c id
) )
echo $role_id echo $role_id
@ -975,7 +975,7 @@ function get_or_add_user_project_role {
domain_args=$(_get_domain_args $4 $5) domain_args=$(_get_domain_args $4 $5)
# Gets user role id # Gets user role id
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--project $3 \ --project $3 \
@ -983,11 +983,11 @@ function get_or_add_user_project_role {
| grep '^|\s[a-f0-9]\+' | get_field 1) | grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it # Adds role to user and get it
openstack role add $1 \ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \ --user $2 \
--project $3 \ --project $3 \
$domain_args $domain_args
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--project $3 \ --project $3 \
@ -1002,17 +1002,17 @@ function get_or_add_user_project_role {
function get_or_add_user_domain_role { function get_or_add_user_domain_role {
local user_role_id local user_role_id
# Gets user role id # Gets user role id
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--domain $3 \ --domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1) | grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it # Adds role to user and get it
openstack role add $1 \ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \ --user $2 \
--domain $3 --domain $3
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--domain $3 \ --domain $3 \
@ -1030,7 +1030,7 @@ function get_or_add_user_system_role {
domain_args=$(_get_domain_args $4) domain_args=$(_get_domain_args $4)
# Gets user role id # Gets user role id
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--system $3 \ --system $3 \
@ -1038,11 +1038,11 @@ function get_or_add_user_system_role {
-f value -c Role) -f value -c Role)
if [[ -z "$user_role_id" ]]; then if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it # Adds role to user and get it
openstack role add $1 \ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \ --user $2 \
--system $3 \ --system $3 \
$domain_args $domain_args
user_role_id=$(openstack role assignment list \ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--user $2 \ --user $2 \
--system $3 \ --system $3 \
@ -1057,17 +1057,17 @@ function get_or_add_user_system_role {
function get_or_add_group_project_role { function get_or_add_group_project_role {
local group_role_id local group_role_id
# Gets group role id # Gets group role id
group_role_id=$(openstack role assignment list \ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
-f value) -f value)
if [[ -z "$group_role_id" ]]; then if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it # Adds role to group and get it
openstack role add $1 \ openstack --os-cloud devstack-system-admin role add $1 \
--group $2 \ --group $2 \
--project $3 --project $3
group_role_id=$(openstack role assignment list \ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \ --role $1 \
--group $2 \ --group $2 \
--project $3 \ --project $3 \
@ -1083,9 +1083,9 @@ function get_or_create_service {
# Gets service id # Gets service id
service_id=$( service_id=$(
# Gets service id # Gets service id
openstack service show $2 -f value -c id 2>/dev/null || openstack --os-cloud devstack-system-admin service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists # Creates new service if not exists
openstack service create \ openstack --os-cloud devstack-system-admin service create \
$2 \ $2 \
--name $1 \ --name $1 \
--description="$3" \ --description="$3" \
@ -1098,14 +1098,14 @@ function get_or_create_service {
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region> # Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface { function _get_or_create_endpoint_with_interface {
local endpoint_id local endpoint_id
endpoint_id=$(openstack endpoint list \ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 \ --service $1 \
--interface $2 \ --interface $2 \
--region $4 \ --region $4 \
-c ID -f value) -c ID -f value)
if [[ -z "$endpoint_id" ]]; then if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint # Creates new endpoint
endpoint_id=$(openstack endpoint create \ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint create \
$1 $2 $3 --region $4 -f value -c id) $1 $2 $3 --region $4 -f value -c id)
fi fi
@ -1139,7 +1139,7 @@ function get_or_create_endpoint {
# Get a URL from the identity service # Get a URL from the identity service
# Usage: get_endpoint_url <service> <interface> # Usage: get_endpoint_url <service> <interface>
function get_endpoint_url { function get_endpoint_url {
echo $(openstack endpoint list \ echo $(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 --interface $2 \ --service $1 --interface $2 \
-c URL -f value) -c URL -f value)
} }

6
lib/glance
View File

@ -311,11 +311,11 @@ function configure_glance_quotas {
iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_API_CONF oslo_limit system_scope "'all'" iniset $GLANCE_API_CONF oslo_limit system_scope "'all'"
iniset $GLANCE_API_CONF oslo_limit endpoint_id \ iniset $GLANCE_API_CONF oslo_limit endpoint_id \
$(openstack endpoint list --service glance -f value -c ID) $(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID)
# Allow the glance service user to read quotas # Allow the glance service user to read quotas
openstack role add --user glance --user-domain Default --system all \ openstack --os-cloud devstack-system-admin role add --user glance --user-domain Default \
reader --system all reader
} }
# configure_glance() - Set config files, create data dirs, etc # configure_glance() - Set config files, create data dirs, etc