From b162a1d58cdecfb32847b59bd341e06c26efb1ed Mon Sep 17 00:00:00 2001 From: Paulo Ewerton Date: Fri, 22 Jan 2016 19:13:31 +0000 Subject: [PATCH] Move default Keystone API version to v3 This patch sets Keystone v3 as default in services configuration files and in the openrc and stackrc scripts. Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165 Partially-Implements: bp keystonev3 --- lib/glance | 2 +- lib/heat | 2 +- lib/nova_plugins/hypervisor-ironic | 2 +- lib/tempest | 5 +---- openrc | 11 +++++++++-- stackrc | 2 +- tools/create_userrc.sh | 4 ++-- 7 files changed, 16 insertions(+), 12 deletions(-) diff --git a/lib/glance b/lib/glance index 0431bba024..bf0643bf53 100644 --- a/lib/glance +++ b/lib/glance @@ -205,7 +205,7 @@ function configure_glance { iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url - iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0 + iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3 iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user diff --git a/lib/heat b/lib/heat index df44b7689c..3c3be79ad7 100644 --- a/lib/heat +++ b/lib/heat @@ -167,7 +167,7 @@ function configure_heat { iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI # ec2authtoken - iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 + iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3 # OpenStack API iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic index c6ed85d63e..2aa9b12ae3 100644 --- a/lib/nova_plugins/hypervisor-ironic +++ b/lib/nova_plugins/hypervisor-ironic @@ -47,7 +47,7 @@ function configure_nova_hypervisor { # ironic section iniset $NOVA_CONF ironic admin_username admin iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD - iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0 + iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3 iniset $NOVA_CONF ironic admin_tenant_name demo iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1 } diff --git a/lib/tempest b/lib/tempest index 3c34aad539..4a289fa859 100644 --- a/lib/tempest +++ b/lib/tempest @@ -259,6 +259,7 @@ function configure_tempest { # Identity iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/" iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3" + iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3} if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME iniset $TEMPEST_CONFIG auth admin_password "$password" @@ -269,10 +270,6 @@ function configure_tempest { if [ "$ENABLE_IDENTITY_V2" == "False" ]; then # Only Identity v3 is available; then skip Identity API v2 tests iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False - # In addition, use v3 auth tokens for running all Tempest tests - iniset $TEMPEST_CONFIG identity auth_version v3 - else - iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2} fi if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then diff --git a/openrc b/openrc index 9bc0fd77f4..f81345f9fa 100644 --- a/openrc +++ b/openrc @@ -77,15 +77,22 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL} KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST} # Identity API version -export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0} +export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3} # Authenticating against an OpenStack cloud using Keystone returns a **Token** # and **Service Catalog**. The catalog contains the endpoints for all services # the user/tenant has access to - including nova, glance, keystone, swift, ... -# We currently recommend using the 2.0 *identity api*. +# We currently recommend using the version 3 *identity api*. # export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION} +# Currently, in order to use openstackclient with Identity API v3, +# we need to set the domain which the user and project belong to. +if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then + export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"} + export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"} +fi + # Set OS_CACERT to a default CA certificate chain if it exists. if [[ ! -v OS_CACERT ]] ; then DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem diff --git a/stackrc b/stackrc index 58146a4a1c..903da80dec 100644 --- a/stackrc +++ b/stackrc @@ -130,7 +130,7 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then fi # Configure Identity API version: 2.0, 3 -IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0} +IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3} # Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack # deployment will be deploying the Identity v2 pipelines. If this option is set diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh index 74d5428382..00a208c21e 100755 --- a/tools/create_userrc.sh +++ b/tools/create_userrc.sh @@ -133,7 +133,7 @@ if [ -z "$OS_USERNAME" ]; then fi if [ -z "$OS_AUTH_URL" ]; then - export OS_AUTH_URL=http://localhost:5000/v2.0/ + export OS_AUTH_URL=http://localhost:5000/v3/ fi if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then @@ -236,7 +236,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key" export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id) export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem" export NOVA_CERT="$ACCOUNT_DIR/cacert.pem" -export OS_AUTH_TYPE=v2password +export OS_AUTH_TYPE=v3password EOF if [ -n "$ADDPASS" ]; then echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"