From eb37657d8e34e1d0f8ee639c3953a752ba615d8d Mon Sep 17 00:00:00 2001 From: Jens Harbott Date: Wed, 24 Feb 2021 10:04:31 +0100 Subject: [PATCH] Make creation of keystone admin endpoint optional The keystone admin endpoint technically isn't different any longer from the other keystone endpoints in v3 of the API. However, some applications like heat are still relying on it to exist. So we make the creation of the admin endpoint during bootstrap optional here, with the intention to change the default to False once all jobs that still need this are modified to explicitly require it. Change-Id: I7ab12141c558186e397c174c248a613d1810011b --- lib/keystone | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/keystone b/lib/keystone index 096bafb41f..f8b5ccb009 100644 --- a/lib/keystone +++ b/lib/keystone @@ -122,6 +122,9 @@ KEYSTONE_PASSWORD_HASH_ROUNDS=${KEYSTONE_PASSWORD_HASH_ROUNDS:-4} # Cache settings KEYSTONE_ENABLE_CACHE=${KEYSTONE_ENABLE_CACHE:-True} +# Whether to create a keystone admin endpoint for legacy applications +KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse True KEYSTONE_ADMIN_ENDPOINT) + # Functions # --------- @@ -556,8 +559,16 @@ function bootstrap_keystone { --bootstrap-role-name admin \ --bootstrap-service-name keystone \ --bootstrap-region-id "$REGION_NAME" \ - --bootstrap-admin-url "$KEYSTONE_SERVICE_URI" \ --bootstrap-public-url "$KEYSTONE_SERVICE_URI" + if [ "$KEYSTONE_ADMIN_ENDPOINT" == "True" ]; then + openstack endpoint create --region "$REGION_NAME" \ + --os-username admin \ + --os-user-domain-id default \ + --os-password "$ADMIN_PASSWORD" \ + --os-project-name admin \ + --os-project-domain-id default \ + keystone admin "$KEYSTONE_SERVICE_URI" + fi } # create_ldap_domain() - Create domain file and initialize domain with a user