Use openstack CLI instead of keystone
When running './stack.sh' messages are output stating that the keystone CLI has been deprecated. These calls should be replaced to ones utilizing the openstack CLI program instead. Documentation examples were also updated to reflect the new syntax. Change-Id: Ib20b8940e317d150e5f6febb618e20bd85d13f8b Closes-Bug: #1441340
This commit is contained in:
parent
72bdc8c271
commit
9a808922c1
@ -13,7 +13,7 @@ EC2\_URL
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
|
EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
|
||||||
|
|
||||||
S3\_URL
|
S3\_URL
|
||||||
Set the S3 endpoint for euca2ools. The endpoint is extracted from
|
Set the S3 endpoint for euca2ools. The endpoint is extracted from
|
||||||
@ -21,14 +21,14 @@ S3\_URL
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
|
export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
|
||||||
|
|
||||||
EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
|
EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
|
||||||
Create EC2 credentials for the current tenant:user in Keystone.
|
Create EC2 credentials for the current tenant:user in Keystone.
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
CREDS=$(keystone ec2-credentials-create)
|
CREDS=$(openstack ec2 credentials create)
|
||||||
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
|
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
|
||||||
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
||||||
|
|
||||||
|
@ -229,10 +229,10 @@ Additional Users
|
|||||||
----------------
|
----------------
|
||||||
|
|
||||||
DevStack creates two OpenStack users (``admin`` and ``demo``) and two
|
DevStack creates two OpenStack users (``admin`` and ``demo``) and two
|
||||||
tenants (also ``admin`` and ``demo``). ``admin`` is exactly what it
|
projects (also ``admin`` and ``demo``). ``admin`` is exactly what it
|
||||||
sounds like, a privileged administrative account that is a member of
|
sounds like, a privileged administrative account that is a member of
|
||||||
both the ``admin`` and ``demo`` tenants. ``demo`` is a normal user
|
both the ``admin`` and ``demo`` projects. ``demo`` is a normal user
|
||||||
account that is only a member of the ``demo`` tenant. Creating
|
account that is only a member of the ``demo`` project. Creating
|
||||||
additional OpenStack users can be done through the dashboard, sometimes
|
additional OpenStack users can be done through the dashboard, sometimes
|
||||||
it is easier to do them in bulk from a script, especially since they get
|
it is easier to do them in bulk from a script, especially since they get
|
||||||
blown away every time ``stack.sh`` runs. The following steps are ripe
|
blown away every time ``stack.sh`` runs. The following steps are ripe
|
||||||
@ -243,21 +243,21 @@ for scripting:
|
|||||||
# Get admin creds
|
# Get admin creds
|
||||||
. openrc admin admin
|
. openrc admin admin
|
||||||
|
|
||||||
# List existing tenants
|
# List existing projects
|
||||||
keystone tenant-list
|
openstack project list
|
||||||
|
|
||||||
# List existing users
|
# List existing users
|
||||||
keystone user-list
|
openstack user list
|
||||||
|
|
||||||
# Add a user and tenant
|
# Add a user and project
|
||||||
NAME=bob
|
NAME=bob
|
||||||
PASSWORD=BigSecrete
|
PASSWORD=BigSecrete
|
||||||
TENANT=$NAME
|
PROJECT=$NAME
|
||||||
keystone tenant-create --name=$NAME
|
openstack project create $PROJECT
|
||||||
keystone user-create --name=$NAME --pass=$PASSWORD
|
openstack user create $NAME --password=$PASSWORD --project $PROJECT
|
||||||
keystone user-role-add --user-id=<bob-user-id> --tenant-id=<bob-tenant-id> --role-id=<member-role-id>
|
openstack role add Member --user $NAME --project $PROJECT
|
||||||
# member-role-id comes from the existing member role created by stack.sh
|
# The Member role is created by stack.sh
|
||||||
# keystone role-list
|
# openstack role list
|
||||||
|
|
||||||
Swift
|
Swift
|
||||||
-----
|
-----
|
||||||
|
4
eucarc
4
eucarc
@ -19,7 +19,7 @@ RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
|
|||||||
source $RC_DIR/openrc
|
source $RC_DIR/openrc
|
||||||
|
|
||||||
# Set the ec2 url so euca2ools works
|
# Set the ec2 url so euca2ools works
|
||||||
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
|
export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
|
||||||
|
|
||||||
# Create EC2 credentials for the current user
|
# Create EC2 credentials for the current user
|
||||||
CREDS=$(openstack ec2 credentials create)
|
CREDS=$(openstack ec2 credentials create)
|
||||||
@ -29,7 +29,7 @@ export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
|||||||
# Euca2ools Certificate stuff for uploading bundles
|
# Euca2ools Certificate stuff for uploading bundles
|
||||||
# See exercises/bundle.sh to see how to get certs using nova cli
|
# See exercises/bundle.sh to see how to get certs using nova cli
|
||||||
NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
|
NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
|
||||||
export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
|
export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
|
||||||
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
|
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
|
||||||
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
|
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
|
||||||
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
|
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
|
||||||
|
@ -69,7 +69,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
|
|||||||
STATUS_KEYSTONE="Skipped"
|
STATUS_KEYSTONE="Skipped"
|
||||||
else
|
else
|
||||||
echo -e "\nTest Keystone"
|
echo -e "\nTest Keystone"
|
||||||
if keystone $TENANT_ARG $ARGS catalog --service identity; then
|
if openstack $TENANT_ARG $ARGS catalog show identity; then
|
||||||
STATUS_KEYSTONE="Succeeded"
|
STATUS_KEYSTONE="Succeeded"
|
||||||
else
|
else
|
||||||
STATUS_KEYSTONE="Failed"
|
STATUS_KEYSTONE="Failed"
|
||||||
|
@ -765,7 +765,7 @@ function upload_baremetal_ironic_deploy {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local token=$(keystone token-get | grep ' id ' | get_field 2)
|
local token=$(openstack token issue -c id -f value)
|
||||||
die_if_not_set $LINENO token "Keystone fail to get token"
|
die_if_not_set $LINENO token "Keystone fail to get token"
|
||||||
|
|
||||||
# load them into glance
|
# load them into glance
|
||||||
|
2
stack.sh
2
stack.sh
@ -1173,7 +1173,7 @@ fi
|
|||||||
# See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
|
# See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
|
||||||
|
|
||||||
if is_service_enabled g-reg; then
|
if is_service_enabled g-reg; then
|
||||||
TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
|
TOKEN=$(openstack token issue -c id -f value)
|
||||||
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
|
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
|
||||||
|
|
||||||
echo_summary "Uploading images"
|
echo_summary "Uploading images"
|
||||||
|
@ -32,7 +32,7 @@ if [[ -z "$1" ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get a token to authenticate to glance
|
# Get a token to authenticate to glance
|
||||||
TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
|
TOKEN=$(openstack token issue -c id -f value)
|
||||||
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
|
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
|
||||||
|
|
||||||
# Glance connection info. Note the port must be specified.
|
# Glance connection info. Note the port must be specified.
|
||||||
|
Loading…
Reference in New Issue
Block a user