From 0abde393c5e2d15e840c0321b736e22291b59780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20G=C3=B3rski?= Date: Fri, 28 Feb 2014 14:15:19 +0100 Subject: [PATCH] Adds support for multi-region Change-Id: Ib85fe7cb375692b04aca4c46f61ba7e1fbfa501b Implements: blueprint multi-region --- README.md | 19 +++++++++ functions-common | 103 +++++++++++++++++++++++++++++++++++++++++++++++ lib/ceilometer | 37 ++++++----------- lib/cinder | 51 +++++++++-------------- lib/glance | 44 +++++++++----------- lib/heat | 101 ++++++++++++++++++++++------------------------ lib/ironic | 35 +++++++--------- lib/keystone | 82 ++++++++++++++----------------------- lib/marconi | 32 +++++---------- lib/neutron | 36 +++++++---------- lib/nova | 93 +++++++++++++++++------------------------- lib/sahara | 32 +++++---------- lib/swift | 54 ++++++++++--------------- lib/tempest | 13 ++---- lib/trove | 34 ++++++---------- openrc | 6 ++- stack.sh | 14 +++++-- stackrc | 3 ++ 18 files changed, 392 insertions(+), 397 deletions(-) diff --git a/README.md b/README.md index f0406c6c7f..54535fe34c 100644 --- a/README.md +++ b/README.md @@ -330,6 +330,25 @@ which includes the following, with the IP address of the above controller node: Q_HOST=$SERVICE_HOST MATCHMAKER_REDIS_HOST=$SERVICE_HOST +# Multi-Region Setup + +We want to setup two devstack (RegionOne and RegionTwo) with shared keystone +(same users and services) and horizon. +Keystone and Horizon will be located in RegionOne. +Full spec is available at: +https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat. + +In RegionOne: + + REGION_NAME=RegionOne + +In RegionTwo: + + disable_service horizon + KEYSTONE_SERVICE_HOST= + KEYSTONE_AUTH_HOST= + REGION_NAME=RegionTwo + # Cells Cells is a new scaling option with a full spec at: diff --git a/functions-common b/functions-common index 613a86cd84..44225ab7d3 100644 --- a/functions-common +++ b/functions-common @@ -719,6 +719,109 @@ function policy_add { mv ${tmpfile} ${policy_file} } +# Gets or creates user +# Usage: get_or_create_user +function get_or_create_user { + # Gets user id + USER_ID=$( + # Gets user id + openstack user show $1 -f value -c id 2>/dev/null || + # Creates new user + openstack user create \ + $1 \ + --password "$2" \ + --project $3 \ + --email $4 \ + -f value -c id + ) + echo $USER_ID +} + +# Gets or creates project +# Usage: get_or_create_project +function get_or_create_project { + # Gets project id + PROJECT_ID=$( + # Gets project id + openstack project show $1 -f value -c id 2>/dev/null || + # Creates new project if not exists + openstack project create $1 -f value -c id + ) + echo $PROJECT_ID +} + +# Gets or creates role +# Usage: get_or_create_role +function get_or_create_role { + ROLE_ID=$( + # Gets role id + openstack role show $1 -f value -c id 2>/dev/null || + # Creates role if not exists + openstack role create $1 -f value -c id + ) + echo $ROLE_ID +} + +# Gets or adds user role +# Usage: get_or_add_user_role +function get_or_add_user_role { + # Gets user role id + USER_ROLE_ID=$(openstack user role list \ + $2 \ + --project $3 \ + --column "ID" \ + --column "Name" \ + | grep " $1 " | get_field 1) + if [[ -z "$USER_ROLE_ID" ]]; then + # Adds role to user + USER_ROLE_ID=$(openstack role add \ + $1 \ + --user $2 \ + --project $3 \ + | grep " id " | get_field 2) + fi + echo $USER_ROLE_ID +} + +# Gets or creates service +# Usage: get_or_create_service +function get_or_create_service { + # Gets service id + SERVICE_ID=$( + # Gets service id + openstack service show $1 -f value -c id 2>/dev/null || + # Creates new service if not exists + openstack service create \ + $1 \ + --type=$2 \ + --description="$3" \ + -f value -c id + ) + echo $SERVICE_ID +} + +# Gets or creates endpoint +# Usage: get_or_create_endpoint +function get_or_create_endpoint { + # Gets endpoint id + ENDPOINT_ID=$(openstack endpoint list \ + --column "ID" \ + --column "Region" \ + --column "Service Name" \ + | grep " $2 " \ + | grep " $1 " | get_field 1) + if [[ -z "$ENDPOINT_ID" ]]; then + # Creates new endpoint + ENDPOINT_ID=$(openstack endpoint create \ + $1 \ + --region $2 \ + --publicurl $3 \ + --adminurl $4 \ + --internalurl $5 \ + | grep " id " | get_field 2) + fi + echo $ENDPOINT_ID +} # Package Functions # ================= diff --git a/lib/ceilometer b/lib/ceilometer index eef6740c8f..c90b8cbdd9 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -81,35 +81,22 @@ create_ceilometer_accounts() { # Ceilometer if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then - CEILOMETER_USER=$(openstack user create \ - ceilometer \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email ceilometer@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $CEILOMETER_USER + CEILOMETER_USER=$(get_or_create_user "ceilometer" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "ceilometer@example.com") + get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - CEILOMETER_SERVICE=$(openstack service create \ - ceilometer \ - --type=metering \ - --description="OpenStack Telemetry Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $CEILOMETER_SERVICE \ - --region RegionOne \ - --publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ - --adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ - --internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" + CEILOMETER_SERVICE=$(get_or_create_service "ceilometer" \ + "metering" "OpenStack Telemetry Service") + get_or_create_endpoint $CEILOMETER_SERVICE \ + "$REGION_NAME" \ + "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ + "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \ + "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" fi if is_service_enabled swift; then # Ceilometer needs ResellerAdmin role to access swift account stats. - openstack role add \ - --project $SERVICE_TENANT_NAME \ - --user ceilometer \ - ResellerAdmin + get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME fi fi } diff --git a/lib/cinder b/lib/cinder index 6f2d7c6bec..03d2f5498b 100644 --- a/lib/cinder +++ b/lib/cinder @@ -339,39 +339,26 @@ function create_cinder_accounts { # Cinder if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then - CINDER_USER=$(openstack user create \ - cinder \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email cinder@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $CINDER_USER + + CINDER_USER=$(get_or_create_user "cinder" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "cinder@example.com") + get_or_add_user_role $ADMIN_ROLE $CINDER_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - CINDER_SERVICE=$(openstack service create \ - cinder \ - --type=volume \ - --description="Cinder Volume Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $CINDER_SERVICE \ - --region RegionOne \ - --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ - --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ - --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" - CINDER_V2_SERVICE=$(openstack service create \ - cinderv2 \ - --type=volumev2 \ - --description="Cinder Volume Service V2" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $CINDER_V2_SERVICE \ - --region RegionOne \ - --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ - --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ - --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" + + CINDER_SERVICE=$(get_or_create_service "cinder" \ + "volume" "Cinder Volume Service") + get_or_create_endpoint $CINDER_SERVICE "$REGION_NAME" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" + + CINDER_V2_SERVICE=$(get_or_create_service "cinderv2" \ + "volumev2" "Cinder Volume Service V2") + get_or_create_endpoint $CINDER_V2_SERVICE "$REGION_NAME" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \ + "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" fi fi } diff --git a/lib/glance b/lib/glance index 4eb0ada590..475bb48b3b 100644 --- a/lib/glance +++ b/lib/glance @@ -164,36 +164,28 @@ function configure_glance { function create_glance_accounts { if is_service_enabled g-api; then - openstack user create \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT_NAME \ - glance - openstack role add \ - --project $SERVICE_TENANT_NAME \ - --user glance \ - service + + GLANCE_USER=$(get_or_create_user "glance" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance@example.com") + get_or_add_user_role service $GLANCE_USER $SERVICE_TENANT_NAME + # required for swift access if is_service_enabled s-proxy; then - openstack user create \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT_NAME \ - glance-swift - openstack role add \ - --project $SERVICE_TENANT_NAME \ - --user glance-swift \ - ResellerAdmin + + GLANCE_SWIFT_USER=$(get_or_create_user "glance-swift" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com") + get_or_add_user_role "ResellerAdmin" $GLANCE_SWIFT_USER $SERVICE_TENANT_NAME fi + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - openstack service create \ - --type image \ - --description "Glance Image Service" \ - glance - openstack endpoint create \ - --region RegionOne \ - --publicurl "http://$GLANCE_HOSTPORT" \ - --adminurl "http://$GLANCE_HOSTPORT" \ - --internalurl "http://$GLANCE_HOSTPORT" \ - glance + + GLANCE_SERVICE=$(get_or_create_service "glance" \ + "image" "Glance Image Service") + get_or_create_endpoint $GLANCE_SERVICE \ + "$REGION_NAME" \ + "http://$GLANCE_HOSTPORT" \ + "http://$GLANCE_HOSTPORT" \ + "http://$GLANCE_HOSTPORT" fi fi } diff --git a/lib/heat b/lib/heat index b8c03594cc..afed52b62a 100644 --- a/lib/heat +++ b/lib/heat @@ -98,6 +98,8 @@ function configure_heat { iniset $HEAT_CONF database connection `database_connection_url heat` iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom` + iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME" + # logging iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG @@ -214,57 +216,44 @@ function create_heat_accounts { SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - HEAT_USER=$(openstack user create \ - heat \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email heat@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $HEAT_USER + HEAT_USER=$(get_or_create_user "heat" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "heat@example.com") + get_or_add_user_role $ADMIN_ROLE $HEAT_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - HEAT_SERVICE=$(openstack service create \ - heat \ - --type=orchestration \ - --description="Heat Orchestration Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $HEAT_SERVICE \ - --region RegionOne \ - --publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ - --adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ - --internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" - HEAT_CFN_SERVICE=$(openstack service create \ - heat \ - --type=cloudformation \ - --description="Heat CloudFormation Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $HEAT_CFN_SERVICE \ - --region RegionOne \ - --publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ - --adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ - --internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" + + HEAT_SERVICE=$(get_or_create_service "heat" \ + "orchestration" "Heat Orchestration Service") + get_or_create_endpoint $HEAT_SERVICE \ + "$REGION_NAME" \ + "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ + "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ + "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" + + HEAT_CFN_SERVICE=$(get_or_create_service "heat-cfn" \ + "cloudformation" "Heat CloudFormation Service") + get_or_create_endpoint $HEAT_CFN_SERVICE \ + "$REGION_NAME" \ + "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ + "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \ + "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" fi # heat_stack_user role is for users created by Heat - openstack role create heat_stack_user + get_or_create_role "heat_stack_user" if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then + # heat_stack_owner role is given to users who create Heat stacks, # it's the default role used by heat to delegate to the heat service # user (for performing deferred operations via trusts), see heat.conf - HEAT_OWNER_ROLE=$(openstack role create \ - heat_stack_owner \ - | grep " id " | get_field 2) + HEAT_OWNER_ROLE=$(get_or_create_role "heat_stack_owner") # Give the role to the demo and admin users so they can create stacks # in either of the projects created by devstack - openstack role add $HEAT_OWNER_ROLE --project demo --user demo - openstack role add $HEAT_OWNER_ROLE --project demo --user admin - openstack role add $HEAT_OWNER_ROLE --project admin --user admin + get_or_add_user_role $HEAT_OWNER_ROLE demo demo + get_or_add_user_role $HEAT_OWNER_ROLE admin demo + get_or_add_user_role $HEAT_OWNER_ROLE admin admin iniset $HEAT_CONF DEFAULT deferred_auth_method trusts fi @@ -272,21 +261,27 @@ function create_heat_accounts { # Note we have to pass token/endpoint here because the current endpoint and # version negotiation in OSC means just --os-identity-api-version=3 won't work KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3" - D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ - --os-identity-api-version=3 domain create heat \ - --description "Owns users and projects created by heat" \ - | grep ' id ' | get_field 2) - iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID} - openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ - --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \ - --domain $D_ID heat_domain_admin \ - --description "Manages users and projects created by heat" - openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ - --os-identity-api-version=3 role add \ - --user heat_domain_admin --domain ${D_ID} admin - iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin - iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD + D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ + --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1) + + if [[ -z "$D_ID" ]]; then + D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ + --os-identity-api-version=3 domain create heat \ + --description "Owns users and projects created by heat" \ + | grep ' id ' | get_field 2) + iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID} + + openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ + --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \ + --domain $D_ID heat_domain_admin \ + --description "Manages users and projects created by heat" + openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ + --os-identity-api-version=3 role add \ + --user heat_domain_admin --domain ${D_ID} admin + iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin + iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD + fi fi } diff --git a/lib/ironic b/lib/ironic index dbeb3d3d38..c24780f3c0 100644 --- a/lib/ironic +++ b/lib/ironic @@ -223,28 +223,21 @@ function create_ironic_accounts { # Ironic if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then - IRONIC_USER=$(openstack user create \ - ironic \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email ironic@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $IRONIC_USER + # Get ironic user if exists + + IRONIC_USER=$(get_or_create_user "ironic" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "ironic@example.com") + get_or_add_user_role $ADMIN_ROLE $IRONIC_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - IRONIC_SERVICE=$(openstack service create \ - ironic \ - --type=baremetal \ - --description="Ironic baremetal provisioning service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $IRONIC_SERVICE \ - --region RegionOne \ - --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" + + IRONIC_SERVICE=$(get_or_create_service "ironic" \ + "baremetal" "Ironic baremetal provisioning service") + get_or_create_endpoint $IRONIC_SERVICE \ + "$REGION_NAME" \ + "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ + "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ + "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" fi fi } diff --git a/lib/keystone b/lib/keystone index 41ed4c1a27..e6f69fae55 100644 --- a/lib/keystone +++ b/lib/keystone @@ -277,6 +277,8 @@ function configure_keystone { iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s" _config_keystone_apache_wsgi fi + + iniset $KEYSTONE_CONF DEFAULT max_token_size 16384 } function configure_keystone_extensions { @@ -315,79 +317,55 @@ function configure_keystone_extensions { function create_keystone_accounts { # admin - ADMIN_TENANT=$(openstack project create \ - admin \ - | grep " id " | get_field 2) - ADMIN_USER=$(openstack user create \ - admin \ - --project "$ADMIN_TENANT" \ - --email admin@example.com \ - --password "$ADMIN_PASSWORD" \ - | grep " id " | get_field 2) - ADMIN_ROLE=$(openstack role create \ - admin \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $ADMIN_TENANT \ - --user $ADMIN_USER + ADMIN_TENANT=$(get_or_create_project "admin") + ADMIN_USER=$(get_or_create_user "admin" \ + "$ADMIN_PASSWORD" "$ADMIN_TENANT" "admin@example.com") + ADMIN_ROLE=$(get_or_create_role "admin") + get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $ADMIN_TENANT # Create service project/role - openstack project create $SERVICE_TENANT_NAME + get_or_create_project "$SERVICE_TENANT_NAME" # Service role, so service users do not have to be admins - openstack role create service + get_or_create_role service # The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it. # The admin role in swift allows a user to act as an admin for their tenant, # but ResellerAdmin is needed for a user to act as any tenant. The name of this # role is also configurable in swift-proxy.conf - openstack role create ResellerAdmin + get_or_create_role ResellerAdmin # The Member role is used by Horizon and Swift so we need to keep it: - MEMBER_ROLE=$(openstack role create \ - Member \ - | grep " id " | get_field 2) + MEMBER_ROLE=$(get_or_create_role "Member") + # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used # TODO(sleepsonthefloor): show how this can be used for rbac in the future! - ANOTHER_ROLE=$(openstack role create \ - anotherrole \ - | grep " id " | get_field 2) + + ANOTHER_ROLE=$(get_or_create_role "anotherrole") # invisible tenant - admin can't see this one - INVIS_TENANT=$(openstack project create \ - invisible_to_admin \ - | grep " id " | get_field 2) + INVIS_TENANT=$(get_or_create_project "invisible_to_admin") # demo - DEMO_TENANT=$(openstack project create \ - demo \ - | grep " id " | get_field 2) - DEMO_USER=$(openstack user create \ - demo \ - --project $DEMO_TENANT \ - --email demo@example.com \ - --password "$ADMIN_PASSWORD" \ - | grep " id " | get_field 2) + DEMO_TENANT=$(get_or_create_project "demo") + DEMO_USER=$(get_or_create_user "demo" \ + "$ADMIN_PASSWORD" "$DEMO_TENANT" "demo@example.com") - openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE - openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE - openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE - openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE + get_or_add_user_role $MEMBER_ROLE $DEMO_USER $DEMO_TENANT + get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $DEMO_TENANT + get_or_add_user_role $ANOTHER_ROLE $DEMO_USER $DEMO_TENANT + get_or_add_user_role $MEMBER_ROLE $DEMO_USER $INVIS_TENANT # Keystone if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - KEYSTONE_SERVICE=$(openstack service create \ - keystone \ - --type identity \ - --description "Keystone Identity Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $KEYSTONE_SERVICE \ - --region RegionOne \ - --publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \ - --adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \ - --internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" + + KEYSTONE_SERVICE=$(get_or_create_service "keystone" \ + "identity" "Keystone Identity Service") + get_or_create_endpoint $KEYSTONE_SERVICE \ + "$REGION_NAME" \ + "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \ + "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \ + "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" fi } diff --git a/lib/marconi b/lib/marconi index 20bf0e1c14..d7822c96eb 100644 --- a/lib/marconi +++ b/lib/marconi @@ -178,29 +178,19 @@ function create_marconi_accounts { SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - MARCONI_USER=$(openstack user create \ - marconi \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email marconi@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $MARCONI_USER + MARCONI_USER=$(get_or_create_user "marconi" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "marconi@example.com") + get_or_add_user_role $ADMIN_ROLE $MARCONI_USER $SERVICE_TENANT if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - MARCONI_SERVICE=$(openstack service create \ - marconi \ - --type=queuing \ - --description="Marconi Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $MARCONI_SERVICE \ - --region RegionOne \ - --publicurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \ - --adminurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \ - --internalurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" + + MARCONI_SERVICE=$(get_or_create_service "marconi" \ + "queuing" "Marconi Service") + get_or_create_endpoint $MARCONI_SERVICE \ + "$REGION_NAME" \ + "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \ + "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \ + "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" fi } diff --git a/lib/neutron b/lib/neutron index 2c6f53b0e2..c578aadbd6 100644 --- a/lib/neutron +++ b/lib/neutron @@ -307,7 +307,7 @@ function create_nova_conf_neutron { iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0" iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY" iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME" - iniset $NOVA_CONF neutron region_name "RegionOne" + iniset $NOVA_CONF neutron region_name "$REGION_NAME" iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT" if [[ "$Q_USE_SECGROUP" == "True" ]]; then @@ -350,28 +350,20 @@ function create_neutron_accounts { ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then - NEUTRON_USER=$(openstack user create \ - neutron \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email neutron@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $NEUTRON_USER + + NEUTRON_USER=$(get_or_create_user "neutron" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "neutron@example.com") + get_or_add_user_role $ADMIN_ROLE $NEUTRON_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - NEUTRON_SERVICE=$(openstack service create \ - neutron \ - --type=network \ - --description="Neutron Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $NEUTRON_SERVICE \ - --region RegionOne \ - --publicurl "http://$SERVICE_HOST:9696/" \ - --adminurl "http://$SERVICE_HOST:9696/" \ - --internalurl "http://$SERVICE_HOST:9696/" + + NEUTRON_SERVICE=$(get_or_create_service "neutron" \ + "network" "Neutron Service") + get_or_create_endpoint $NEUTRON_SERVICE \ + "$REGION_NAME" \ + "http://$SERVICE_HOST:9696/" \ + "http://$SERVICE_HOST:9696/" \ + "http://$SERVICE_HOST:9696/" fi fi } diff --git a/lib/nova b/lib/nova index 3d31d68f4f..ebdb6b40bc 100644 --- a/lib/nova +++ b/lib/nova @@ -333,39 +333,28 @@ create_nova_accounts() { # Nova if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then - NOVA_USER=$(openstack user create \ - nova \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email nova@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $NOVA_USER + + NOVA_USER=$(get_or_create_user "nova" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "nova@example.com") + get_or_add_user_role $ADMIN_ROLE $NOVA_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - NOVA_SERVICE=$(openstack service create \ - nova \ - --type=compute \ - --description="Nova Compute Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $NOVA_SERVICE \ - --region RegionOne \ - --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ - --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ - --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" - NOVA_V3_SERVICE=$(openstack service create \ - novav3 \ - --type=computev3 \ - --description="Nova Compute Service V3" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $NOVA_V3_SERVICE \ - --region RegionOne \ - --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ - --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ - --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" + + NOVA_SERVICE=$(get_or_create_service "nova" \ + "compute" "Nova Compute Service") + get_or_create_endpoint $NOVA_SERVICE \ + "$REGION_NAME" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" + + NOVA_V3_SERVICE=$(get_or_create_service "novav3" \ + "computev3" "Nova Compute Service V3") + get_or_create_endpoint $NOVA_V3_SERVICE \ + "$REGION_NAME" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" fi fi @@ -374,40 +363,32 @@ create_nova_accounts() { if is_service_enabled swift; then # Nova needs ResellerAdmin role to download images when accessing # swift through the s3 api. - openstack role add \ - --project $SERVICE_TENANT_NAME \ - --user nova \ - ResellerAdmin + get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME fi # EC2 if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then - openstack service create \ - --type ec2 \ - --description "EC2 Compatibility Layer" \ - ec2 - openstack endpoint create \ - --region RegionOne \ - --publicurl "http://$SERVICE_HOST:8773/services/Cloud" \ - --adminurl "http://$SERVICE_HOST:8773/services/Admin" \ - --internalurl "http://$SERVICE_HOST:8773/services/Cloud" \ - ec2 + + EC2_SERVICE=$(get_or_create_service "ec2" \ + "ec2" "EC2 Compatibility Layer") + get_or_create_endpoint $EC2_SERVICE \ + "$REGION_NAME" \ + "http://$SERVICE_HOST:8773/services/Cloud" \ + "http://$SERVICE_HOST:8773/services/Admin" \ + "http://$SERVICE_HOST:8773/services/Cloud" fi fi # S3 if is_service_enabled n-obj swift3; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - openstack service create \ - --type s3 \ - --description "S3" \ - s3 - openstack endpoint create \ - --region RegionOne \ - --publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ - --adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ - --internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ - s3 + + S3_SERVICE=$(get_or_create_service "s3" "s3" "S3") + get_or_create_endpoint $S3_SERVICE \ + "$REGION_NAME" \ + "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ + "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ + "http://$SERVICE_HOST:$S3_SERVICE_PORT" fi fi } diff --git a/lib/sahara b/lib/sahara index 934989b2d6..0cc2fe96bc 100644 --- a/lib/sahara +++ b/lib/sahara @@ -60,29 +60,19 @@ function create_sahara_accounts { SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - SAHARA_USER=$(openstack user create \ - sahara \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email sahara@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $SAHARA_USER + SAHARA_USER=$(get_or_create_user "sahara" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "sahara@example.com") + get_or_add_user_role $ADMIN_ROLE $SAHARA_USER $SERVICE_TENANT if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - SAHARA_SERVICE=$(openstack service create \ - sahara \ - --type=data_processing \ - --description="Sahara Data Processing" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $SAHARA_SERVICE \ - --region RegionOne \ - --publicurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ - --adminurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ - --internalurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" + + SAHARA_SERVICE=$(get_or_create_service "sahara" \ + "data_processing" "Sahara Data Processing") + get_or_create_endpoint $SAHARA_SERVICE \ + "$REGION_NAME" \ + "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ + "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \ + "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" fi } diff --git a/lib/swift b/lib/swift index c47b09f6d7..5e0f1a7b56 100644 --- a/lib/swift +++ b/lib/swift @@ -542,50 +542,40 @@ function create_swift_accounts { SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - SWIFT_USER=$(openstack user create \ - swift \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email=swift@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $ADMIN_ROLE \ - --project $SERVICE_TENANT \ - --user $SWIFT_USER + SWIFT_USER=$(get_or_create_user "swift" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "swift@example.com") + get_or_add_user_role $ADMIN_ROLE $SWIFT_USER $SERVICE_TENANT if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - SWIFT_SERVICE=$(openstack service create \ - swift \ - --type="object-store" \ - --description="Swift Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $SWIFT_SERVICE \ - --region RegionOne \ - --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ - --adminurl "http://$SERVICE_HOST:8080" \ - --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" + + SWIFT_SERVICE=$(get_or_create_service "swift" \ + "object-store" "Swift Service") + get_or_create_endpoint $SWIFT_SERVICE \ + "$REGION_NAME" \ + "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ + "http://$SERVICE_HOST:8080" \ + "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" fi - SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2) + SWIFT_TENANT_TEST1=$(get_or_create_project swifttenanttest1) die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1" - SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \ - --project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2) + SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \ + "$SWIFT_TENANT_TEST1" "test@example.com") die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" - openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE + get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST1 $SWIFT_TENANT_TEST1 - SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \ - --project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2) + SWIFT_USER_TEST3=$(get_or_create_user swiftusertest3 $SWIFTUSERTEST3_PASSWORD \ + "$SWIFT_TENANT_TEST1" "test3@example.com") die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3" - openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE + get_or_add_user_role $ANOTHER_ROLE $SWIFT_USER_TEST3 $SWIFT_TENANT_TEST1 - SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2) + SWIFT_TENANT_TEST2=$(get_or_create_project swifttenanttest2) die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2" - SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \ - --project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2) + SWIFT_USER_TEST2=$(get_or_create_user swiftusertest2 $SWIFTUSERTEST2_PASSWORD \ + "$SWIFT_TENANT_TEST2" "test2@example.com") die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2" - openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE + get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST2 $SWIFT_TENANT_TEST2 } # init_swift() - Initialize rings diff --git a/lib/tempest b/lib/tempest index 1e98becdac..59c5bbcbfb 100644 --- a/lib/tempest +++ b/lib/tempest @@ -397,16 +397,9 @@ function create_tempest_accounts { if is_service_enabled tempest; then # Tempest has some tests that validate various authorization checks # between two regular users in separate tenants - openstack project create \ - alt_demo - openstack user create \ - --project alt_demo \ - --password "$ADMIN_PASSWORD" \ - alt_demo - openstack role add \ - --project alt_demo \ - --user alt_demo \ - Member + get_or_create_project alt_demo + get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com" + get_or_add_user_role Member alt_demo alt_demo fi } diff --git a/lib/trove b/lib/trove index 401ab789d4..7824f2754e 100644 --- a/lib/trove +++ b/lib/trove @@ -82,28 +82,20 @@ function create_trove_accounts { SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then - TROVE_USER=$(openstack user create \ - trove \ - --password "$SERVICE_PASSWORD" \ - --project $SERVICE_TENANT \ - --email trove@example.com \ - | grep " id " | get_field 2) - openstack role add \ - $SERVICE_ROLE \ - --project $SERVICE_TENANT \ - --user $TROVE_USER + + TROVE_USER=$(get_or_create_user "trove" \ + "$SERVICE_PASSWORD" $SERVICE_TENANT "trove@example.com") + get_or_add_user_role $SERVICE_ROLE $TROVE_USER $SERVICE_TENANT + if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - TROVE_SERVICE=$(openstack service create \ - trove \ - --type=database \ - --description="Trove Service" \ - | grep " id " | get_field 2) - openstack endpoint create \ - $TROVE_SERVICE \ - --region RegionOne \ - --publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ - --adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ - --internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" + + TROVE_SERVICE=$(get_or_create_service "trove" \ + "database" "Trove Service") + get_or_create_endpoint $TROVE_SERVICE \ + "$REGION_NAME" \ + "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ + "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \ + "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" fi fi } diff --git a/openrc b/openrc index fc066ad82c..aec8a2a642 100644 --- a/openrc +++ b/openrc @@ -53,12 +53,16 @@ export OS_PASSWORD=${ADMIN_PASSWORD:-secrete} # easier with this off. export OS_NO_CACHE=${OS_NO_CACHE:-1} +# Region +export OS_REGION_NAME=${REGION_NAME:-RegionOne} + # Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint, # which is convenient for some localrc configurations. HOST_IP=${HOST_IP:-127.0.0.1} SERVICE_HOST=${SERVICE_HOST:-$HOST_IP} SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http} KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL} +KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST} # Some exercises call glance directly. On a single-node installation, Glance # should be listening on HOST_IP. If its running elsewhere, it can be set here @@ -72,7 +76,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0} # the user/tenant has access to - including nova, glance, keystone, swift, ... # We currently recommend using the 2.0 *identity api*. # -export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:5000/v${OS_IDENTITY_API_VERSION} +export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION} # Set the pointer to our CA certificate chain. Harmless if TLS is not used. export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem} diff --git a/stack.sh b/stack.sh index ab6dcf384d..2011b7713d 100755 --- a/stack.sh +++ b/stack.sh @@ -726,8 +726,10 @@ git_clone $OPENSTACKCLIENT_REPO $OPENSTACKCLIENT_DIR $OPENSTACKCLIENT_BRANCH setup_develop $OPENSTACKCLIENT_DIR if is_service_enabled key; then - install_keystone - configure_keystone + if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then + install_keystone + configure_keystone + fi fi if is_service_enabled s-proxy; then @@ -926,8 +928,11 @@ fi if is_service_enabled key; then echo_summary "Starting Keystone" - init_keystone - start_keystone + + if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then + init_keystone + start_keystone + fi # Set up a temporary admin URI for Keystone SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 @@ -968,6 +973,7 @@ if is_service_enabled key; then export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=$ADMIN_PASSWORD + export OS_REGION_NAME=$REGION_NAME fi diff --git a/stackrc b/stackrc index 840f3ac5e1..1433265bee 100644 --- a/stackrc +++ b/stackrc @@ -19,6 +19,9 @@ else STACK_USER=$(whoami) fi +# Specify region name Region +REGION_NAME=${REGION_NAME:-RegionOne} + # Specify which services to launch. These generally correspond to # screen tabs. To change the default list, use the ``enable_service`` and # ``disable_service`` functions in ``local.conf``.