Replace TENANT => PROJECT phase 1

This replaces the use of TENANT variables with PROJECT ones during the
initial setup. The openrc will still export a OS_TENANT_NAME because
many tools (cinderclient, glanceclient amoung them) will not function
without it. We warn when we do that.

Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e

exercises/boot_from_volume.sh

@@ -64,7 +64,7 @@ VOL_NAME=${VOL_NAME:-ex-vol-bfv}
 # Launching a server
 # ==================
 
-# List servers for tenant:
+# List servers for project:
 nova list
 
 # Images

exercises/client-args.sh

@@ -43,19 +43,19 @@ unset NOVA_URL
 unset NOVA_USERNAME
 
 # Save the known variables for later
-export x_TENANT_NAME=$OS_TENANT_NAME
+export x_PROJECT_NAME=$OS_PROJECT_NAME
 export x_USERNAME=$OS_USERNAME
 export x_PASSWORD=$OS_PASSWORD
 export x_AUTH_URL=$OS_AUTH_URL
 
 # Unset the usual variables to force argument processing
-unset OS_TENANT_NAME
+unset OS_PROJECT_NAME
 unset OS_USERNAME
 unset OS_PASSWORD
 unset OS_AUTH_URL
 
 # Common authentication args
-TENANT_ARG="--os-tenant-name=$x_TENANT_NAME"
+PROJECT_ARG="--os-project-name=$x_PROJECT_NAME"
 ARGS="--os-username=$x_USERNAME --os-password=$x_PASSWORD --os-auth-url=$x_AUTH_URL"
 
 # Set global return
@@ -68,7 +68,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
         STATUS_KEYSTONE="Skipped"
     else
         echo -e "\nTest Keystone"
-        if openstack $TENANT_ARG $ARGS catalog show identity; then
+        if openstack $PROJECT_ARG $ARGS catalog show identity; then
             STATUS_KEYSTONE="Succeeded"
         else
             STATUS_KEYSTONE="Failed"
@@ -87,7 +87,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
     else
         # Test OSAPI
         echo -e "\nTest Nova"
-        if nova $TENANT_ARG $ARGS flavor-list; then
+        if nova $PROJECT_ARG $ARGS flavor-list; then
             STATUS_NOVA="Succeeded"
         else
             STATUS_NOVA="Failed"
@@ -104,7 +104,7 @@ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
         STATUS_CINDER="Skipped"
     else
         echo -e "\nTest Cinder"
-        if cinder $TENANT_ARG $ARGS list; then
+        if cinder $PROJECT_ARG $ARGS list; then
             STATUS_CINDER="Succeeded"
         else
             STATUS_CINDER="Failed"
@@ -121,7 +121,7 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
         STATUS_GLANCE="Skipped"
     else
         echo -e "\nTest Glance"
-        if openstack $TENANT_ARG $ARGS image list; then
+        if openstack $PROJECT_ARG $ARGS image list; then
             STATUS_GLANCE="Succeeded"
         else
             STATUS_GLANCE="Failed"
@@ -138,7 +138,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" || "$ENABLED_SERVICES" =~ "s-proxy" ]]; the
         STATUS_SWIFT="Skipped"
     else
         echo -e "\nTest Swift"
-        if swift $TENANT_ARG $ARGS stat; then
+        if swift $PROJECT_ARG $ARGS stat; then
             STATUS_SWIFT="Succeeded"
         else
             STATUS_SWIFT="Failed"

exercises/neutron-adv-test.sh

@@ -48,9 +48,9 @@ source $TOP_DIR/exerciserc
 # Neutron Settings
 # ----------------
 
-TENANTS="DEMO1"
+PROJECTS="DEMO1"
 # TODO (nati)_Test public network
-#TENANTS="DEMO1,DEMO2"
+#PROJECTS="DEMO1,DEMO2"
 
 PUBLIC_NAME="admin"
 DEMO1_NAME="demo1"
@@ -91,34 +91,34 @@ DEMO2_ROUTER1_NET="demo2-net1"
 # Various functions
 # -----------------
 
-function foreach_tenant {
+function foreach_project {
     COMMAND=$1
-    for TENANT in ${TENANTS//,/ };do
+    for PROJECT in ${PROJECTS//,/ };do
-        eval ${COMMAND//%TENANT%/$TENANT}
+        eval ${COMMAND//%PROJECT%/$PROJECT}
     done
 }
 
-function foreach_tenant_resource {
+function foreach_project_resource {
     COMMAND=$1
     RESOURCE=$2
-    for TENANT in ${TENANTS//,/ };do
+    for PROJECT in ${PROJECTS//,/ };do
-        eval 'NUM=$'"${TENANT}_NUM_$RESOURCE"
+        eval 'NUM=$'"${PROJECT}_NUM_$RESOURCE"
         for i in `seq $NUM`;do
-            local COMMAND_LOCAL=${COMMAND//%TENANT%/$TENANT}
+            local COMMAND_LOCAL=${COMMAND//%PROJECT%/$PROJECT}
             COMMAND_LOCAL=${COMMAND_LOCAL//%NUM%/$i}
             eval $COMMAND_LOCAL
         done
     done
 }
 
-function foreach_tenant_vm {
+function foreach_project_vm {
     COMMAND=$1
-    foreach_tenant_resource "$COMMAND" 'VM'
+    foreach_project_resource "$COMMAND" 'VM'
 }
 
-function foreach_tenant_net {
+function foreach_project_net {
     COMMAND=$1
-    foreach_tenant_resource "$COMMAND" 'NET'
+    foreach_project_resource "$COMMAND" 'NET'
 }
 
 function get_image_id {
@@ -128,12 +128,12 @@ function get_image_id {
     echo "$IMAGE_ID"
 }
 
-function get_tenant_id {
+function get_project_id {
-    local TENANT_NAME=$1
+    local PROJECT_NAME=$1
-    local TENANT_ID
+    local PROJECT_ID
-    TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1`
+    PROJECT_ID=`openstack project list | grep " $PROJECT_NAME " | head -n 1 | get_field 1`
-    die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for $TENANT_NAME"
+    die_if_not_set $LINENO PROJECT_ID "Failure retrieving PROJECT_ID for $PROJECT_NAME"
-    echo "$TENANT_ID"
+    echo "$PROJECT_ID"
 }
 
 function get_user_id {
@@ -177,23 +177,23 @@ function confirm_server_active {
 
 function neutron_debug_admin {
     local os_username=$OS_USERNAME
-    local os_tenant_id=$OS_TENANT_ID
+    local os_project_id=$OS_PROJECT_ID
     source $TOP_DIR/openrc admin admin
     neutron-debug $@
-    source $TOP_DIR/openrc $os_username $os_tenant_id
+    source $TOP_DIR/openrc $os_username $os_project_id
 }
 
-function add_tenant {
+function add_project {
     openstack project create $1
     openstack user create $2 --password ${ADMIN_PASSWORD} --project $1
     openstack role add Member --project $1 --user $2
 }
 
-function remove_tenant {
+function remove_project {
-    local TENANT=$1
+    local PROJECT=$1
-    local TENANT_ID
+    local PROJECT_ID
-    TENANT_ID=$(get_tenant_id $TENANT)
+    PROJECT_ID=$(get_project_id $PROJECT)
-    openstack project delete $TENANT_ID
+    openstack project delete $PROJECT_ID
 }
 
 function remove_user {
@@ -203,47 +203,47 @@ function remove_user {
     openstack user delete $USER_ID
 }
 
-function create_tenants {
+function create_projects {
     source $TOP_DIR/openrc admin admin
-    add_tenant demo1 demo1 demo1
+    add_project demo1 demo1 demo1
-    add_tenant demo2 demo2 demo2
+    add_project demo2 demo2 demo2
     source $TOP_DIR/openrc demo demo
 }
 
-function delete_tenants_and_users {
+function delete_projects_and_users {
     source $TOP_DIR/openrc admin admin
     remove_user demo1
-    remove_tenant demo1
+    remove_project demo1
     remove_user demo2
-    remove_tenant demo2
+    remove_project demo2
-    echo "removed all tenants"
+    echo "removed all projects"
     source $TOP_DIR/openrc demo demo
 }
 
 function create_network {
-    local TENANT=$1
+    local PROJECT=$1
     local GATEWAY=$2
     local CIDR=$3
     local NUM=$4
     local EXTRA=$5
-    local NET_NAME="${TENANT}-net$NUM"
+    local NET_NAME="${PROJECT}-net$NUM"
-    local ROUTER_NAME="${TENANT}-router${NUM}"
+    local ROUTER_NAME="${PROJECT}-router${NUM}"
     source $TOP_DIR/openrc admin admin
-    local TENANT_ID
+    local PROJECT_ID
-    TENANT_ID=$(get_tenant_id $TENANT)
+    PROJECT_ID=$(get_project_id $PROJECT)
-    source $TOP_DIR/openrc $TENANT $TENANT
+    source $TOP_DIR/openrc $PROJECT $PROJECT
     local NET_ID
-    NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
+    NET_ID=$(neutron net-create --project-id $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
-    die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
+    die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PROJECT_ID $NET_NAME $EXTRA"
-    neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
+    neutron subnet-create --ip-version 4 --project-id $PROJECT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
     neutron_debug_admin probe-create --device-owner compute $NET_ID
     source $TOP_DIR/openrc demo demo
 }
 
 function create_networks {
-    foreach_tenant_net 'create_network ${%TENANT%_NAME} ${%TENANT%_NET%NUM%_GATEWAY} ${%TENANT%_NET%NUM%_CIDR} %NUM% ${%TENANT%_NET%NUM%_EXTRA}'
+    foreach_project_net 'create_network ${%PROJECT%_NAME} ${%PROJECT%_NET%NUM%_GATEWAY} ${%PROJECT%_NET%NUM%_CIDR} %NUM% ${%PROJECT%_NET%NUM%_EXTRA}'
     #TODO(nati) test security group function
-    # allow ICMP for both tenant's security groups
+    # allow ICMP for both project's security groups
     #source $TOP_DIR/openrc demo1 demo1
     #$NOVA secgroup-add-rule default icmp -1 -1 0.0.0.0/0
     #source $TOP_DIR/openrc demo2 demo2
@@ -251,10 +251,10 @@ function create_networks {
 }
 
 function create_vm {
-    local TENANT=$1
+    local PROJECT=$1
     local NUM=$2
     local NET_NAMES=$3
-    source $TOP_DIR/openrc $TENANT $TENANT
+    source $TOP_DIR/openrc $PROJECT $PROJECT
     local NIC=""
     for NET_NAME in ${NET_NAMES//,/ };do
         NIC="$NIC --nic net-id="`get_network_id $NET_NAME`
@@ -265,13 +265,13 @@ function create_vm {
     VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \
         --image $(get_image_id) \
         $NIC \
-        $TENANT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+        $PROJECT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
-    die_if_not_set $LINENO VM_UUID "Failure launching $TENANT-server$NUM"
+    die_if_not_set $LINENO VM_UUID "Failure launching $PROJECT-server$NUM"
     confirm_server_active $VM_UUID
 }
 
 function create_vms {
-    foreach_tenant_vm 'create_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
+    foreach_project_vm 'create_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
 }
 
 function ping_ip {
@@ -284,11 +284,11 @@ function ping_ip {
 }
 
 function check_vm {
-    local TENANT=$1
+    local PROJECT=$1
     local NUM=$2
-    local VM_NAME="$TENANT-server$NUM"
+    local VM_NAME="$PROJECT-server$NUM"
     local NET_NAME=$3
-    source $TOP_DIR/openrc $TENANT $TENANT
+    source $TOP_DIR/openrc $PROJECT $PROJECT
     ping_ip $VM_NAME $NET_NAME
     # TODO (nati) test ssh connection
     # TODO (nati) test inter connection between vm
@@ -297,31 +297,31 @@ function check_vm {
 }
 
 function check_vms {
-    foreach_tenant_vm 'check_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
+    foreach_project_vm 'check_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
 }
 
 function shutdown_vm {
-    local TENANT=$1
+    local PROJECT=$1
     local NUM=$2
-    source $TOP_DIR/openrc $TENANT $TENANT
+    source $TOP_DIR/openrc $PROJECT $PROJECT
-    VM_NAME=${TENANT}-server$NUM
+    VM_NAME=${PROJECT}-server$NUM
     nova delete $VM_NAME
 }
 
 function shutdown_vms {
-    foreach_tenant_vm 'shutdown_vm ${%TENANT%_NAME} %NUM%'
+    foreach_project_vm 'shutdown_vm ${%PROJECT%_NAME} %NUM%'
     if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
         die $LINENO "Some VMs failed to shutdown"
     fi
 }
 
 function delete_network {
-    local TENANT=$1
+    local PROJECT=$1
     local NUM=$2
-    local NET_NAME="${TENANT}-net$NUM"
+    local NET_NAME="${PROJECT}-net$NUM"
     source $TOP_DIR/openrc admin admin
-    local TENANT_ID
+    local PROJECT_ID
-    TENANT_ID=$(get_tenant_id $TENANT)
+    PROJECT_ID=$(get_project_id $PROJECT)
     #TODO(nati) comment out until l3-agent merged
     #for res in port subnet net router;do
     for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do
@@ -333,7 +333,7 @@ function delete_network {
 }
 
 function delete_networks {
-    foreach_tenant_net 'delete_network ${%TENANT%_NAME} %NUM%'
+    foreach_project_net 'delete_network ${%PROJECT%_NAME} %NUM%'
     # TODO(nati) add secuirty group check after it is implemented
     # source $TOP_DIR/openrc demo1 demo1
     # nova secgroup-delete-rule default icmp -1 -1 0.0.0.0/0
@@ -342,7 +342,7 @@ function delete_networks {
 }
 
 function create_all {
-    create_tenants
+    create_projects
     create_networks
     create_vms
 }
@@ -350,7 +350,7 @@ function create_all {
 function delete_all {
     shutdown_vms
     delete_networks
-    delete_tenants_and_users
+    delete_projects_and_users
 }
 
 function all {
@@ -366,8 +366,8 @@ function test_functions {
     IMAGE=$(get_image_id)
     echo $IMAGE
 
-    TENANT_ID=$(get_tenant_id demo)
+    PROJECT_ID=$(get_project_id demo)
-    echo $TENANT_ID
+    echo $PROJECT_ID
 
     FLAVOR_ID=$(get_flavor_id m1.tiny)
     echo $FLAVOR_ID
@@ -382,11 +382,11 @@ function test_functions {
 function usage {
     echo "$0: [-h]"
     echo "  -h, --help              Display help message"
-    echo "  -t, --tenant            Create tenants"
+    echo "  -t, --project            Create projects"
     echo "  -n, --net               Create networks"
     echo "  -v, --vm                Create vms"
     echo "  -c, --check             Check connection"
-    echo "  -x, --delete-tenants    Delete tenants"
+    echo "  -x, --delete-projects    Delete projects"
     echo "  -y, --delete-nets       Delete networks"
     echo "  -z, --delete-vms        Delete vms"
     echo "  -T, --test              Test functions"
@@ -412,7 +412,7 @@ function main {
                 -v | --vm )     create_vms
                                 exit
                                 ;;
-                -t | --tenant ) create_tenants
+                -t | --project ) create_projects
                                 exit
                                 ;;
                 -c | --check )   check_vms
@@ -421,7 +421,7 @@ function main {
                 -T | --test )   test_functions
                                 exit
                                 ;;
-                -x | --delete-tenants ) delete_tenants_and_users
+                -x | --delete-projects ) delete_projects_and_users
                                 exit
                                 ;;
                 -y | --delete-nets ) delete_networks

lib/cinder

@@ -351,7 +351,7 @@ function configure_cinder {
     # Set os_privileged_user credentials (used for os-assisted-snapshots)
     iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
     iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
-    iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
+    iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
     iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 }
 

lib/glance

@@ -143,7 +143,7 @@ function configure_glance {
         iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
         iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 
-        iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
         iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
         iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
         iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default
@@ -198,7 +198,7 @@ function configure_glance {
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
     iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
-    iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
     iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
@@ -226,9 +226,9 @@ function configure_glance {
 
 # Project              User            Roles
 # ---------------------------------------------------------------------
-# SERVICE_TENANT_NAME  glance          service
+# SERVICE_PROJECT_NAME  glance          service
-# SERVICE_TENANT_NAME  glance-swift    ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME  glance-swift    ResellerAdmin (if Swift is enabled)
-# SERVICE_TENANT_NAME  glance-search   search (if Search is enabled)
+# SERVICE_PROJECT_NAME  glance-search   search (if Search is enabled)
 
 function create_glance_accounts {
     if is_service_enabled g-api; then
@@ -241,7 +241,7 @@ function create_glance_accounts {
             local glance_swift_user
             glance_swift_user=$(get_or_create_user "glance-swift" \
                 "$SERVICE_PASSWORD" "default" "glance-swift@example.com")
-            get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
+            get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_PROJECT_NAME
         fi
 
         get_or_create_service "glance" "image" "Glance Image Service"

lib/keystone

@@ -108,7 +108,7 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 # Bind hosts
 KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
 # Set the tenant for service accounts in Keystone
-SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
 
 # if we are running with SSL use https protocols
 if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
@@ -384,7 +384,7 @@ function create_keystone_accounts {
     get_or_add_user_domain_role $admin_role $admin_user default
 
     # Create service project/role
-    get_or_create_project "$SERVICE_TENANT_NAME" default
+    get_or_create_project "$SERVICE_PROJECT_NAME" default
 
     # Service role, so service users do not have to be admins
     get_or_create_role service
@@ -458,7 +458,7 @@ function create_service_user {
 
     local user
     user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
-    get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
+    get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME"
 }
 
 # Configure the service to use the auth token middleware.
@@ -479,7 +479,7 @@ function configure_auth_token_middleware {
     iniset $conf_file $section username $admin_user
     iniset $conf_file $section password $SERVICE_PASSWORD
     iniset $conf_file $section user_domain_id default
-    iniset $conf_file $section project_name $SERVICE_TENANT_NAME
+    iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
     iniset $conf_file $section project_domain_id default
 
     iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI

lib/neutron-legacy

@@ -483,7 +483,7 @@ function create_nova_conf_neutron {
     iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
     iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
     iniset $NOVA_CONF neutron user_domain_name "Default"
-    iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
+    iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME"
     iniset $NOVA_CONF neutron project_domain_name "Default"
     iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
     iniset $NOVA_CONF neutron region_name "$REGION_NAME"
@@ -1169,7 +1169,7 @@ function _configure_neutron_service {
     iniset $NEUTRON_CONF nova username nova
     iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
     iniset $NEUTRON_CONF nova user_domain_id default
-    iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+    iniset $NEUTRON_CONF nova project_name $SERVICE_PROJECT_NAME
     iniset $NEUTRON_CONF nova project_domain_id default
     iniset $NEUTRON_CONF nova region_name $REGION_NAME
 

lib/nova

@@ -404,8 +404,8 @@ function configure_nova {
 #
 # Project              User         Roles
 # ------------------------------------------------------------------
-# SERVICE_TENANT_NAME  nova         admin
+# SERVICE_PROJECT_NAME  nova         admin
-# SERVICE_TENANT_NAME  nova         ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME  nova         ResellerAdmin (if Swift is enabled)
 function create_nova_accounts {
 
     # Nova
@@ -444,7 +444,7 @@ function create_nova_accounts {
         if is_service_enabled swift; then
             # Nova needs ResellerAdmin role to download images when accessing
             # swift through the s3 api.
-            get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
+            get_or_add_user_project_role ResellerAdmin nova $SERVICE_PROJECT_NAME
         fi
     fi
 

lib/swift

@@ -450,7 +450,7 @@ auth_host = ${KEYSTONE_AUTH_HOST}
 auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
 cafile = ${SSL_BUNDLE_FILE}
 admin_user = swift
-admin_tenant_name = ${SERVICE_TENANT_NAME}
+admin_tenant_name = ${SERVICE_PROJECT_NAME}
 admin_password = ${SERVICE_PASSWORD}
 
 [filter:swift3]
@@ -812,7 +812,7 @@ function swift_configure_tempurls {
     # note we are using swift credentials!
     OS_USERNAME=swift \
     OS_PASSWORD=$SERVICE_PASSWORD \
-    OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
+    OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \
     openstack object store account \
         set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
 }

openrc

@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 #
-# source openrc [username] [tenantname]
+# source openrc [username] [projectname]
 #
-# Configure a set of credentials for $TENANT/$USERNAME:
+# Configure a set of credentials for $PROJECT/$USERNAME:
-#   Set OS_TENANT_NAME to override the default tenant 'demo'
+#   Set OS_PROJECT_NAME to override the default project 'demo'
 #   Set OS_USERNAME to override the default user name 'demo'
 #   Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
 
@@ -14,7 +14,7 @@ if [[ -n "$1" ]]; then
     OS_USERNAME=$1
 fi
 if [[ -n "$2" ]]; then
-    OS_TENANT_NAME=$2
+    OS_PROJECT_NAME=$2
 fi
 
 # Find the other rc files
@@ -34,13 +34,17 @@ fi
 # Get some necessary configuration
 source $RC_DIR/lib/tls
 
-# The introduction of Keystone to the OpenStack ecosystem has standardized the
+# The OpenStack ecosystem has standardized the term **project** as the
-# term **tenant** as the entity that owns resources.  In some places references
+# entity that owns resources.  In some places **tenant** remains
-# still exist to the original Nova term **project** for this use.  Also,
+# referenced, but in all cases this just means **project**.  We will
-# **tenant_name** is preferred to **tenant_id**.
+# warn if we need to turn on legacy **tenant** support to have a
-export OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
+# working environment.
+export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo}
 
-# In addition to the owning entity (tenant), nova stores the entity performing
+echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."
+export OS_TENANT_NAME=$OS_PROJECT_NAME
+
+# In addition to the owning entity (project), nova stores the entity performing
 # the action as the **user**.
 export OS_USERNAME=${OS_USERNAME:-demo}
 
@@ -81,7 +85,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
 
 # Authenticating against an OpenStack cloud using Keystone returns a **Token**
 # and **Service Catalog**.  The catalog contains the endpoints for all services
-# the user/tenant has access to - including nova, glance, keystone, swift, ...
+# the user/project has access to - including nova, glance, keystone, swift, ...
 # We currently recommend using the 2.0 *identity api*.
 #
 export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}

stack.sh

@@ -1210,7 +1210,7 @@ fi
 
 # Create an access key and secret key for Nova EC2 register image
 if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
-    eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret)
+    eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret)
     iniset $NOVA_CONF DEFAULT s3_access_key "$access"
     iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"
     iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"