devstack/openrc
Jens Harbott 32c00890ed Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.

Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
2020-06-26 15:26:22 +02:00

114 lines
4.0 KiB
Bash

#!/usr/bin/env bash
#
# source openrc [username] [projectname]
#
# Configure a set of credentials for $PROJECT/$USERNAME:
# Set OS_PROJECT_NAME to override the default project 'demo'
# Set OS_USERNAME to override the default user name 'demo'
# Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
# NOTE: support for the old NOVA_* novaclient environment variables has
# been removed.
if [[ -n "$1" ]]; then
OS_USERNAME=$1
fi
if [[ -n "$2" ]]; then
OS_PROJECT_NAME=$2
fi
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
# Import common functions
source $RC_DIR/functions
# Load local configuration
source $RC_DIR/stackrc
# Load the last env variables if available
if [[ -r $RC_DIR/.stackenv ]]; then
source $RC_DIR/.stackenv
export OS_CACERT
fi
# Get some necessary configuration
source $RC_DIR/lib/tls
# The OpenStack ecosystem has standardized the term **project** as the
# entity that owns resources. In some places **tenant** remains
# referenced, but in all cases this just means **project**. We will
# warn if we need to turn on legacy **tenant** support to have a
# working environment.
export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo}
echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."
export OS_TENANT_NAME=$OS_PROJECT_NAME
# In addition to the owning entity (project), nova stores the entity performing
# the action as the **user**.
export OS_USERNAME=${OS_USERNAME:-demo}
# With Keystone you pass the keystone password instead of an api key.
# Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
# or NOVA_PASSWORD.
export OS_PASSWORD=${ADMIN_PASSWORD:-secret}
# Region
export OS_REGION_NAME=${REGION_NAME:-RegionOne}
# Set the host API endpoint. This will default to HOST_IP if SERVICE_IP_VERSION
# is 4, else HOST_IPV6 if it's 6. SERVICE_HOST may also be used to specify the
# endpoint, which is convenient for some localrc configurations. Additionally,
# some exercises call Glance directly. On a single-node installation, Glance
# should be listening on a local IP address, depending on the setting of
# SERVICE_IP_VERSION. If its running elsewhere, it can be set here.
if [[ $SERVICE_IP_VERSION == 6 ]]; then
HOST_IPV6=${HOST_IPV6:-::1}
SERVICE_HOST=${SERVICE_HOST:-[$HOST_IPV6]}
GLANCE_HOST=${GLANCE_HOST:-[$HOST_IPV6]}
else
HOST_IP=${HOST_IP:-127.0.0.1}
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
fi
# Identity API version
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Ask keystoneauth1 to use keystone
export OS_AUTH_TYPE=password
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/project has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the version 3 *identity api*.
#
# If you don't have a working .stackenv, this is the backup position
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
# Currently, in order to use openstackclient with Identity API v3,
# we need to set the domain which the user and project belong to.
if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
fi
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
# If the file does not exist, this may confuse preflight sanity checks
if [ -e $DEFAULT_OS_CACERT ] ; then
export OS_CACERT=$DEFAULT_OS_CACERT
fi
fi
# Currently cinderclient needs you to specify the *volume api* version. This
# needs to match the config of your catalog returned by Keystone.
export CINDER_VERSION=${CINDER_VERSION:-3}
export OS_VOLUME_API_VERSION=${OS_VOLUME_API_VERSION:-$CINDER_VERSION}