From 9aadec380605e4b2aab0fb159c4186618a284853 Mon Sep 17 00:00:00 2001 From: Ken'ichi Ohmichi Date: Fri, 27 Dec 2013 19:08:26 +0900 Subject: [PATCH] Remove some keystone resource parsers Current "keystone" command can parse the specified resources(tenant, user, role, service) by itself. Then it is unnecessary to translate resource names to resource ids in devstack. This patch removes these resource parsers from devstack for cleanup. Change-Id: Ibae06581b471f02168b559b4ca0c10f14996d661 --- files/keystone_data.sh | 113 +++++++++++++++++++---------------------- 1 file changed, 51 insertions(+), 62 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index ea2d52d114..07b6b601d2 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -28,16 +28,6 @@ export SERVICE_TOKEN=$SERVICE_TOKEN export SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service} -function get_id () { - echo `"$@" | awk '/ id / { print $4 }'` -} - -# Lookups -SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") -ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") -MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }") - - # Roles # ----- 
@@ -45,53 +35,52 @@ MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }") # The admin role in swift allows a user to act as an admin for their tenant, # but ResellerAdmin is needed for a user to act as any tenant. The name of this # role is also configurable in swift-proxy.conf -RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin) +keystone role-create --name=ResellerAdmin # Service role, so service users do not have to be admins -SERVICE_ROLE=$(get_id keystone role-create --name=service) +keystone role-create --name=service # Services # -------- if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then - NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }") # Nova needs ResellerAdmin role to download images when accessing # swift through the s3 api. keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $NOVA_USER \ - --role-id $RESELLER_ROLE + --tenant $SERVICE_TENANT_NAME \ + --user nova \ + --role ResellerAdmin fi # Heat if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then - HEAT_USER=$(get_id keystone user-create --name=heat \ + keystone user-create --name=heat \ --pass="$SERVICE_PASSWORD" \ - --tenant_id $SERVICE_TENANT \ - --email=heat@example.com) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $HEAT_USER \ - --role-id $SERVICE_ROLE + --tenant $SERVICE_TENANT_NAME \ + --email=heat@example.com + keystone user-role-add --tenant $SERVICE_TENANT_NAME \ + --user heat \ + --role service # heat_stack_user role is for users created by Heat keystone role-create --name heat_stack_user if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - HEAT_CFN_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=heat-cfn \ --type=cloudformation \ - --description="Heat CloudFormation Service") + --description="Heat CloudFormation Service" keystone endpoint-create \ --region RegionOne \ - --service_id $HEAT_CFN_SERVICE \ + --service 
heat-cfn \ --publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ --adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ --internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" - HEAT_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=heat \ --type=orchestration \ - --description="Heat Service") + --description="Heat Service" keystone endpoint-create \ --region RegionOne \ - --service_id $HEAT_SERVICE \ + --service heat \ --publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ --adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ --internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" @@ -100,23 +89,23 @@ fi # Glance if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then - GLANCE_USER=$(get_id keystone user-create \ + keystone user-create \ --name=glance \ --pass="$SERVICE_PASSWORD" \ - --tenant_id $SERVICE_TENANT \ - --email=glance@example.com) + --tenant $SERVICE_TENANT_NAME \ + --email=glance@example.com keystone user-role-add \ - --tenant-id $SERVICE_TENANT \ - --user-id $GLANCE_USER \ - --role-id $ADMIN_ROLE + --tenant $SERVICE_TENANT_NAME \ + --user glance \ + --role admin if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - GLANCE_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=glance \ --type=image \ - --description="Glance Image Service") + --description="Glance Image Service" keystone endpoint-create \ --region RegionOne \ - --service_id $GLANCE_SERVICE \ + --service glance \ --publicurl "http://$SERVICE_HOST:9292" \ --adminurl "http://$SERVICE_HOST:9292" \ --internalurl "http://$SERVICE_HOST:9292" 
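Review bot: `$SERVICE_TENANT_NAME` is passed unquoted to `--tenant` in the Nova `user-role-add` call and in the Heat `user-create` and `user-role-add` calls. The values it replaces were single awk fields holding keystone IDs, but this is an operator-configurable name (default `service`), so whitespace or glob characters in it would be split into extra arguments. Quote it, e.g. `--tenant "$SERVICE_TENANT_NAME" \`. The Glance and Ceilometer hunks need the same change. The Heat `if` block is closed outside this hunk.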
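Review bot: `keystone endpoint-create --service glance` now resolves the service by name rather than using the ID returned by the `service-create` call just above it, so the two commands are no longer tied together. If `service-create` fails, or a service with that name is already registered from an earlier run, the endpoint may attach to a different catalog entry or the lookup may fail. Whether the script aborts on the first failing command is not visible in this hunk. Consider making the dependency explicit by ending the create call with `--description="Glance Image Service" || exit 1`. The heat-cfn, heat, ceilometer, ec2 and s3 endpoint calls in the other hunks follow the same pattern.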
@@ -125,25 +114,25 @@ fi # Ceilometer if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then - CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \ + keystone user-create --name=ceilometer \ --pass="$SERVICE_PASSWORD" \ - --tenant_id $SERVICE_TENANT \ - --email=ceilometer@example.com) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $CEILOMETER_USER \ - --role-id $ADMIN_ROLE + --tenant $SERVICE_TENANT_NAME \ + --email=ceilometer@example.com + keystone user-role-add --tenant $SERVICE_TENANT_NAME \ + --user ceilometer \ + --role admin # Ceilometer needs ResellerAdmin role to access swift account stats. - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $CEILOMETER_USER \ - --role-id $RESELLER_ROLE + keystone user-role-add --tenant $SERVICE_TENANT_NAME \ + --user ceilometer \ + --role ResellerAdmin if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - CEILOMETER_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=ceilometer \ --type=metering \ - --description="Ceilometer Service") + --description="Ceilometer Service" keystone endpoint-create \ --region RegionOne \ - --service_id $CEILOMETER_SERVICE \ + --service ceilometer \ --publicurl "http://$SERVICE_HOST:8777" \ --adminurl "http://$SERVICE_HOST:8777" \ --internalurl "http://$SERVICE_HOST:8777" @@ -153,13 +142,13 @@ fi # EC2 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - EC2_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=ec2 \ --type=ec2 \ - --description="EC2 Compatibility Layer") + --description="EC2 Compatibility Layer" keystone endpoint-create \ --region RegionOne \ - --service_id $EC2_SERVICE \ + --service ec2 \ --publicurl "http://$SERVICE_HOST:8773/services/Cloud" \ --adminurl "http://$SERVICE_HOST:8773/services/Admin" \ --internalurl "http://$SERVICE_HOST:8773/services/Cloud" 
@@ -169,13 +158,13 @@ fi # S3 if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - S3_SERVICE=$(get_id keystone service-create \ + keystone service-create \ --name=s3 \ --type=s3 \ - --description="S3") + --description="S3" keystone endpoint-create \ --region RegionOne \ - --service_id $S3_SERVICE \ + --service s3 \ --publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ --adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ --internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" @@ -185,14 +174,14 @@ fi if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then # Tempest has some tests that validate various authorization checks # between two regular users in separate tenants - ALT_DEMO_TENANT=$(get_id keystone tenant-create \ - --name=alt_demo) - ALT_DEMO_USER=$(get_id keystone user-create \ + keystone tenant-create \ + --name=alt_demo + keystone user-create \ --name=alt_demo \ --pass="$ADMIN_PASSWORD" \ - --email=alt_demo@example.com) + --email=alt_demo@example.com keystone user-role-add \ - --tenant-id $ALT_DEMO_TENANT \ - --user-id $ALT_DEMO_USER \ - --role-id $MEMBER_ROLE + --tenant alt_demo \ + --user alt_demo \ + --role Member fi
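Review bot: The rewritten `keystone user-create --name=alt_demo` still sets `--pass="$ADMIN_PASSWORD"`, so an account the comment above calls a regular user shares the admin credential. The value is also passed on the `keystone` command line, where the process list and any shell trace can show it. This predates the commit, but since the call is being touched, record the intent next to it if the reuse is deliberate, e.g. `# alt_demo shares ADMIN_PASSWORD; test-only account`. The argv exposure also applies to the `--pass="$SERVICE_PASSWORD"` calls in the Heat, Glance and Ceilometer hunks.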