diff --git a/functions-common b/functions-common index 446de5374f..473808b1f5 100644 --- a/functions-common +++ b/functions-common @@ -690,16 +690,13 @@ function policy_add { # Usage: get_or_create_domain function get_or_create_domain { local domain_id - local os_url="$KEYSTONE_SERVICE_URI_V3" # Gets domain id domain_id=$( # Gets domain id - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 domain show $1 \ + openstack domain show $1 \ -f value -c id 2>/dev/null || # Creates new domain - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 domain create $1 \ + openstack domain create $1 \ --description "$2" \ -f value -c id ) @@ -710,13 +707,11 @@ function get_or_create_domain { # Usage: get_or_create_group [] function get_or_create_group { local desc="${3:-}" - local os_url="$KEYSTONE_SERVICE_URI_V3" local group_id # Gets group id group_id=$( # Creates new group with --or-show - openstack --os-token=$OS_TOKEN --os-url=$os_url \ - --os-identity-api-version=3 group create $1 \ + openstack group create $1 \ --domain $2 --description "$desc" --or-show \ -f value -c id ) @@ -738,8 +733,6 @@ function get_or_create_user { openstack user create \ $1 \ --password "$2" \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --domain=$3 \ $email \ --or-show \ @@ -754,9 +747,7 @@ function get_or_create_project { local project_id project_id=$( # Creates new project with --or-show - openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ - project create $1 \ + openstack project create $1 \ --domain=$2 \ --or-show -f value -c id ) @@ -770,8 +761,6 @@ function get_or_create_role { role_id=$( # Creates role with --or-show openstack role create $1 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --or-show -f value -c id ) echo $role_id @@ -784,8 +773,6 @@ function get_or_add_user_project_role { # Gets user role id user_role_id=$(openstack role list \ --user $2 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --column "ID" \ --project $3 \ --column "Name" \ @@ -796,8 +783,6 @@ function get_or_add_user_project_role { $1 \ --user $2 \ --project $3 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ | grep " id " | get_field 2) fi echo $user_role_id @@ -809,21 +794,15 @@ function get_or_add_group_project_role { local group_role_id # Gets group role id group_role_id=$(openstack role list \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 \ -c "ID" -f value) if [[ -z "$group_role_id" ]]; then # Adds role to group and get it openstack role add $1 \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 group_role_id=$(openstack role list \ - --os-url=$KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --group $2 \ --project $3 \ -c "ID" -f value) @@ -841,8 +820,6 @@ function get_or_create_service { openstack service show $2 -f value -c id 2>/dev/null || # Creates new service if not exists openstack service create \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ $2 \ --name $1 \ --description="$3" \ @@ -861,8 +838,6 @@ function _get_or_create_endpoint_with_interface { # gets support for this, the check for the region name can be removed. # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 endpoint_id=$(openstack endpoint list \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ --service $1 \ --interface $2 \ --region $4 \ @@ -870,8 +845,6 @@ function _get_or_create_endpoint_with_interface { if [[ -z "$endpoint_id" ]]; then # Creates new endpoint endpoint_id=$(openstack endpoint create \ - --os-url $KEYSTONE_SERVICE_URI_V3 \ - --os-identity-api-version=3 \ $1 $2 $3 --region $4 -f value -c id) fi diff --git a/stack.sh b/stack.sh index accfd0ac3e..093fef4cd9 100755 --- a/stack.sh +++ b/stack.sh @@ -989,13 +989,15 @@ if is_service_enabled keystone; then start_keystone fi + export OS_IDENTITY_API_VERSION=3 + # Set up a temporary admin URI for Keystone - SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 + SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3 if is_service_enabled tls-proxy; then export OS_CACERT=$INT_CA_DIR/ca-chain.pem # Until the client support is fixed, just use the internal endpoint - SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 + SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3 fi # Setup OpenStackClient token-endpoint auth @@ -1023,14 +1025,13 @@ if is_service_enabled keystone; then # Begone token auth unset OS_TOKEN OS_URL - # force set to use v2 identity authentication even with v3 commands - export OS_AUTH_TYPE=v2password - # Set up password auth credentials now that Keystone is bootstrapped - export OS_AUTH_URL=$SERVICE_ENDPOINT - export OS_TENANT_NAME=admin + export OS_AUTH_URL=$KEYSTONE_AUTH_URI export OS_USERNAME=admin + export OS_USER_DOMAIN_ID=default export OS_PASSWORD=$ADMIN_PASSWORD + export OS_PROJECT_NAME=admin + export OS_PROJECT_DOMAIN_ID=default export OS_REGION_NAME=$REGION_NAME fi