Make creation of keystone admin endpoint optional

The keystone admin endpoint technically isn't different any longer from the other keystone endpoints in v3 of the API. However, some applications like heat are still relying on it to exist. So we make the creation of the admin endpoint during bootstrap optional here, with the intention to change the default to False once all jobs that still need this are modified to explicitly require it. Change-Id: I7ab12141c558186e397c174c248a613d1810011b
2021-02-24 10:04:31 +01:00 · 2021-02-24 10:04:31 +01:00 · eb37657d8e
commit eb37657d8e
parent c2491bac9d
1 changed files with 12 additions and 1 deletions
--- a/lib/keystone
+++ b/lib/keystone
@ -122,6 +122,9 @@ KEYSTONE_PASSWORD_HASH_ROUNDS=${KEYSTONE_PASSWORD_HASH_ROUNDS:-4}
 # Cache settings
 KEYSTONE_ENABLE_CACHE=${KEYSTONE_ENABLE_CACHE:-True}

+# Whether to create a keystone admin endpoint for legacy applications
+KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse True KEYSTONE_ADMIN_ENDPOINT)
+
 # Functions
 # ---------

@ -556,8 +559,16 @@ function bootstrap_keystone {
        --bootstrap-role-name admin \
        --bootstrap-service-name keystone \
        --bootstrap-region-id "$REGION_NAME" \
-        --bootstrap-admin-url "$KEYSTONE_SERVICE_URI" \
        --bootstrap-public-url "$KEYSTONE_SERVICE_URI"
+    if [ "$KEYSTONE_ADMIN_ENDPOINT" == "True" ]; then
+        openstack endpoint create --region "$REGION_NAME" \
+            --os-username admin \
+            --os-user-domain-id default \
+            --os-password "$ADMIN_PASSWORD" \
+            --os-project-name admin \
+            --os-project-domain-id default \
+            keystone admin "$KEYSTONE_SERVICE_URI"
+    fi
 }

 # create_ldap_domain() - Create domain file and initialize domain with a user