Merge "Use identity_uri instead of auth fragments"
This commit is contained in:
commit
da2fe19e24
@ -164,9 +164,7 @@ function configure_ceilometer {
|
||||
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
|
||||
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
|
||||
|
||||
iniset $CEILOMETER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $CEILOMETER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $CEILOMETER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
|
@ -233,9 +233,7 @@ function configure_cinder {
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
|
||||
|
||||
iniset $CINDER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $CINDER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $CINDER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $CINDER_CONF keystone_authtoken admin_user cinder
|
||||
|
12
lib/glance
12
lib/glance
@ -89,9 +89,7 @@ function configure_glance {
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
|
||||
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
@ -107,9 +105,7 @@ function configure_glance {
|
||||
iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
|
||||
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
|
||||
iniset $GLANCE_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $GLANCE_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $GLANCE_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
|
||||
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
@ -128,7 +124,7 @@ function configure_glance {
|
||||
# Store the images in swift if enabled.
|
||||
if is_service_enabled s-proxy; then
|
||||
iniset $GLANCE_API_CONF DEFAULT default_store swift
|
||||
iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
|
||||
iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
|
||||
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
|
||||
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
|
||||
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
|
||||
@ -147,7 +143,7 @@ function configure_glance {
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
|
||||
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
|
||||
|
8
lib/heat
8
lib/heat
@ -107,9 +107,7 @@ function configure_heat {
|
||||
fi
|
||||
|
||||
# keystone authtoken
|
||||
iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
|
||||
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
@ -118,7 +116,7 @@ function configure_heat {
|
||||
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
|
||||
|
||||
# ec2authtoken
|
||||
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
|
||||
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
||||
|
||||
# paste_deploy
|
||||
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
|
||||
@ -269,7 +267,7 @@ function create_heat_accounts {
|
||||
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
|
||||
# Note we have to pass token/endpoint here because the current endpoint and
|
||||
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
||||
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
|
||||
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
|
||||
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
||||
--os-identity-api-version=3 domain create heat \
|
||||
--description "Owns users and projects created by heat" \
|
||||
|
@ -162,11 +162,9 @@ function configure_ironic {
|
||||
function configure_ironic_api {
|
||||
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
|
||||
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
|
@ -87,6 +87,10 @@ if is_ssl_enabled_service "key"; then
|
||||
KEYSTONE_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
# complete URIs
|
||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
|
||||
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
|
||||
|
||||
# Functions
|
||||
# ---------
|
||||
# cleanup_keystone() - Remove residual data files, anything left over from previous
|
||||
|
17
lib/neutron
17
lib/neutron
@ -726,7 +726,7 @@ function _configure_neutron_metadata_agent {
|
||||
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
|
||||
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
|
||||
|
||||
_neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True True
|
||||
_neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
|
||||
|
||||
}
|
||||
|
||||
@ -868,18 +868,9 @@ function _neutron_setup_keystone {
|
||||
local section=$2
|
||||
local use_auth_url=$3
|
||||
local skip_auth_cache=$4
|
||||
local use_service_port=$5
|
||||
local keystone_port=$KEYSTONE_AUTH_PORT
|
||||
if [[ -n $use_service_port ]]; then
|
||||
keystone_port=$KEYSTONE_SERVICE_PORT
|
||||
fi
|
||||
if [[ -n $use_auth_url ]]; then
|
||||
iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$keystone_port/v2.0"
|
||||
else
|
||||
iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
|
||||
iniset $conf_file $section auth_port $keystone_port
|
||||
iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
|
||||
fi
|
||||
|
||||
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
|
||||
iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
|
||||
iniset $conf_file $section admin_password $SERVICE_PASSWORD
|
||||
|
4
lib/nova
4
lib/nova
@ -456,9 +456,7 @@ function create_nova_conf {
|
||||
|
||||
# Add keystone authtoken configuration
|
||||
|
||||
iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $NOVA_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $NOVA_CONF keystone_authtoken admin_user nova
|
||||
|
@ -48,7 +48,7 @@ function configure_nova_hypervisor {
|
||||
# ironic section
|
||||
iniset $NOVA_CONF ironic admin_username admin
|
||||
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
|
||||
iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
||||
iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
|
||||
iniset $NOVA_CONF ironic admin_tenant_name demo
|
||||
iniset $NOVA_CONF ironic api_endpoint http://$SERVICE_HOST:6385/v1
|
||||
iniset $NOVA_CONF ironic sql_connection `database_connection_url nova_bm`
|
||||
|
@ -133,9 +133,8 @@ function configure_trove {
|
||||
# Copy api-paste file over to the trove conf dir and configure it
|
||||
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
|
||||
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
|
||||
@ -158,7 +157,7 @@ function configure_trove {
|
||||
|
||||
# (Re)create trove taskmanager conf file if needed
|
||||
if is_service_enabled tr-tmgr; then
|
||||
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT//v$IDENTITY_API_VERSION
|
||||
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
|
||||
|
||||
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
|
||||
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
|
||||
|
4
stack.sh
4
stack.sh
@ -913,7 +913,7 @@ if is_service_enabled key; then
|
||||
start_keystone
|
||||
|
||||
# Set up a temporary admin URI for Keystone
|
||||
SERVICE_ENDPOINT=$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
|
||||
|
||||
if is_service_enabled tls-proxy; then
|
||||
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
|
||||
@ -1346,7 +1346,7 @@ fi
|
||||
|
||||
# If Keystone is present you can point ``nova`` cli to this server
|
||||
if is_service_enabled key; then
|
||||
echo "Keystone is serving at $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/"
|
||||
echo "Keystone is serving at $KEYSTONE_SERVICE_URI/v2.0/"
|
||||
echo "Examples on using novaclient command line is in exercise.sh"
|
||||
echo "The default users are: admin and demo"
|
||||
echo "The password: $ADMIN_PASSWORD"
|
||||
|
Loading…
x
Reference in New Issue
Block a user