This reverts commit f768787bdd6dddf2790f83a884618d29677ca77c.
And sets OS_AUTH_VERSION so swift CLI doesn't fall flat when
not using v2 keystone
Change-Id: If44a7e0d85e48020a3c90d8c5c027513129f0f3b
... | ... |
@@ -88,9 +88,9 @@ function write_clouds_yaml { |
88 | 88 |
--file $CLOUDS_YAML \ |
89 | 89 |
--os-cloud devstack \ |
90 | 90 |
--os-region-name $REGION_NAME \ |
91 |
- --os-identity-api-version $IDENTITY_API_VERSION \ |
|
91 |
+ --os-identity-api-version 3 \ |
|
92 | 92 |
$CA_CERT_ARG \ |
93 |
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
93 |
+ --os-auth-url $KEYSTONE_AUTH_URI \ |
|
94 | 94 |
--os-username demo \ |
95 | 95 |
--os-password $ADMIN_PASSWORD \ |
96 | 96 |
--os-project-name demo |
... | ... |
@@ -98,9 +98,9 @@ function write_clouds_yaml { |
98 | 98 |
--file $CLOUDS_YAML \ |
99 | 99 |
--os-cloud devstack-admin \ |
100 | 100 |
--os-region-name $REGION_NAME \ |
101 |
- --os-identity-api-version $IDENTITY_API_VERSION \ |
|
101 |
+ --os-identity-api-version 3 \ |
|
102 | 102 |
$CA_CERT_ARG \ |
103 |
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
103 |
+ --os-auth-url $KEYSTONE_AUTH_URI \ |
|
104 | 104 |
--os-username admin \ |
105 | 105 |
--os-password $ADMIN_PASSWORD \ |
106 | 106 |
--os-project-name admin |
... | ... |
@@ -735,16 +735,13 @@ function policy_add { |
735 | 735 |
# Usage: get_or_create_domain <name> <description> |
736 | 736 |
function get_or_create_domain { |
737 | 737 |
local domain_id |
738 |
- local os_url="$KEYSTONE_SERVICE_URI_V3" |
|
739 | 738 |
# Gets domain id |
740 | 739 |
domain_id=$( |
741 | 740 |
# Gets domain id |
742 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
743 |
- --os-identity-api-version=3 domain show $1 \ |
|
741 |
+ openstack domain show $1 \ |
|
744 | 742 |
-f value -c id 2>/dev/null || |
745 | 743 |
# Creates new domain |
746 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
747 |
- --os-identity-api-version=3 domain create $1 \ |
|
744 |
+ openstack domain create $1 \ |
|
748 | 745 |
--description "$2" \ |
749 | 746 |
-f value -c id |
750 | 747 |
) |
... | ... |
@@ -755,13 +752,11 @@ function get_or_create_domain { |
755 | 755 |
# Usage: get_or_create_group <groupname> <domain> [<description>] |
756 | 756 |
function get_or_create_group { |
757 | 757 |
local desc="${3:-}" |
758 |
- local os_url="$KEYSTONE_SERVICE_URI_V3" |
|
759 | 758 |
local group_id |
760 | 759 |
# Gets group id |
761 | 760 |
group_id=$( |
762 | 761 |
# Creates new group with --or-show |
763 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
764 |
- --os-identity-api-version=3 group create $1 \ |
|
762 |
+ openstack group create $1 \ |
|
765 | 763 |
--domain $2 --description "$desc" --or-show \ |
766 | 764 |
-f value -c id |
767 | 765 |
) |
... | ... |
@@ -783,8 +778,6 @@ function get_or_create_user { |
783 | 783 |
openstack user create \ |
784 | 784 |
$1 \ |
785 | 785 |
--password "$2" \ |
786 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
787 |
- --os-identity-api-version=3 \ |
|
788 | 786 |
--domain=$3 \ |
789 | 787 |
$email \ |
790 | 788 |
--or-show \ |
... | ... |
@@ -799,9 +792,7 @@ function get_or_create_project { |
799 | 799 |
local project_id |
800 | 800 |
project_id=$( |
801 | 801 |
# Creates new project with --or-show |
802 |
- openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
803 |
- --os-identity-api-version=3 \ |
|
804 |
- project create $1 \ |
|
802 |
+ openstack project create $1 \ |
|
805 | 803 |
--domain=$2 \ |
806 | 804 |
--or-show -f value -c id |
807 | 805 |
) |
... | ... |
@@ -815,8 +806,6 @@ function get_or_create_role { |
815 | 815 |
role_id=$( |
816 | 816 |
# Creates role with --or-show |
817 | 817 |
openstack role create $1 \ |
818 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
819 |
- --os-identity-api-version=3 \ |
|
820 | 818 |
--or-show -f value -c id |
821 | 819 |
) |
822 | 820 |
echo $role_id |
... | ... |
@@ -829,8 +818,6 @@ function get_or_add_user_project_role { |
829 | 829 |
# Gets user role id |
830 | 830 |
user_role_id=$(openstack role list \ |
831 | 831 |
--user $2 \ |
832 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
833 |
- --os-identity-api-version=3 \ |
|
834 | 832 |
--column "ID" \ |
835 | 833 |
--project $3 \ |
836 | 834 |
--column "Name" \ |
... | ... |
@@ -839,13 +826,9 @@ function get_or_add_user_project_role { |
839 | 839 |
# Adds role to user and get it |
840 | 840 |
openstack role add $1 \ |
841 | 841 |
--user $2 \ |
842 |
- --project $3 \ |
|
843 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
844 |
- --os-identity-api-version=3 |
|
842 |
+ --project $3 |
|
845 | 843 |
user_role_id=$(openstack role list \ |
846 | 844 |
--user $2 \ |
847 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
848 |
- --os-identity-api-version=3 \ |
|
849 | 845 |
--column "ID" \ |
850 | 846 |
--project $3 \ |
851 | 847 |
--column "Name" \ |
... | ... |
@@ -860,21 +843,15 @@ function get_or_add_group_project_role { |
860 | 860 |
local group_role_id |
861 | 861 |
# Gets group role id |
862 | 862 |
group_role_id=$(openstack role list \ |
863 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
864 |
- --os-identity-api-version=3 \ |
|
865 | 863 |
--group $2 \ |
866 | 864 |
--project $3 \ |
867 | 865 |
-c "ID" -f value) |
868 | 866 |
if [[ -z "$group_role_id" ]]; then |
869 | 867 |
# Adds role to group and get it |
870 | 868 |
openstack role add $1 \ |
871 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
872 |
- --os-identity-api-version=3 \ |
|
873 | 869 |
--group $2 \ |
874 | 870 |
--project $3 |
875 | 871 |
group_role_id=$(openstack role list \ |
876 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
877 |
- --os-identity-api-version=3 \ |
|
878 | 872 |
--group $2 \ |
879 | 873 |
--project $3 \ |
880 | 874 |
-c "ID" -f value) |
... | ... |
@@ -892,8 +869,6 @@ function get_or_create_service { |
892 | 892 |
openstack service show $2 -f value -c id 2>/dev/null || |
893 | 893 |
# Creates new service if not exists |
894 | 894 |
openstack service create \ |
895 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
896 |
- --os-identity-api-version=3 \ |
|
897 | 895 |
$2 \ |
898 | 896 |
--name $1 \ |
899 | 897 |
--description="$3" \ |
... | ... |
@@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface { |
912 | 912 |
# gets support for this, the check for the region name can be removed. |
913 | 913 |
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 |
914 | 914 |
endpoint_id=$(openstack endpoint list \ |
915 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
916 |
- --os-identity-api-version=3 \ |
|
917 | 915 |
--service $1 \ |
918 | 916 |
--interface $2 \ |
919 | 917 |
--region $4 \ |
... | ... |
@@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface { |
921 | 921 |
if [[ -z "$endpoint_id" ]]; then |
922 | 922 |
# Creates new endpoint |
923 | 923 |
endpoint_id=$(openstack endpoint create \ |
924 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
925 |
- --os-identity-api-version=3 \ |
|
926 | 924 |
$1 $2 $3 --region $4 -f value -c id) |
927 | 925 |
fi |
928 | 926 |
|
... | ... |
@@ -799,10 +799,10 @@ function stop_swift { |
799 | 799 |
|
800 | 800 |
function swift_configure_tempurls { |
801 | 801 |
OS_USERNAME=swift \ |
802 |
- OS_TENANT_NAME=$SERVICE_TENANT_NAME \ |
|
802 |
+ OS_PROJECT_NAME=$SERVICE_TENANT_NAME \ |
|
803 | 803 |
OS_PASSWORD=$SERVICE_PASSWORD \ |
804 |
- OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
805 |
- swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY" |
|
804 |
+ OS_AUTH_URL=$SERVICE_ENDPOINT \ |
|
805 |
+ swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY" |
|
806 | 806 |
} |
807 | 807 |
|
808 | 808 |
# Restore xtrace |
... | ... |
@@ -973,13 +973,15 @@ if is_service_enabled keystone; then |
973 | 973 |
start_keystone |
974 | 974 |
fi |
975 | 975 |
|
976 |
+ export OS_IDENTITY_API_VERSION=3 |
|
977 |
+ |
|
976 | 978 |
# Set up a temporary admin URI for Keystone |
977 |
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 |
|
979 |
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3 |
|
978 | 980 |
|
979 | 981 |
if is_service_enabled tls-proxy; then |
980 | 982 |
export OS_CACERT=$INT_CA_DIR/ca-chain.pem |
981 | 983 |
# Until the client support is fixed, just use the internal endpoint |
982 |
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 |
|
984 |
+ SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3 |
|
983 | 985 |
fi |
984 | 986 |
|
985 | 987 |
# Setup OpenStackClient token-endpoint auth |
... | ... |
@@ -1003,14 +1005,13 @@ if is_service_enabled keystone; then |
1003 | 1003 |
# Begone token auth |
1004 | 1004 |
unset OS_TOKEN OS_URL |
1005 | 1005 |
|
1006 |
- # force set to use v2 identity authentication even with v3 commands |
|
1007 |
- export OS_AUTH_TYPE=v2password |
|
1008 |
- |
|
1009 | 1006 |
# Set up password auth credentials now that Keystone is bootstrapped |
1010 |
- export OS_AUTH_URL=$SERVICE_ENDPOINT |
|
1011 |
- export OS_TENANT_NAME=admin |
|
1007 |
+ export OS_AUTH_URL=$KEYSTONE_AUTH_URI |
|
1012 | 1008 |
export OS_USERNAME=admin |
1009 |
+ export OS_USER_DOMAIN_ID=default |
|
1013 | 1010 |
export OS_PASSWORD=$ADMIN_PASSWORD |
1011 |
+ export OS_PROJECT_NAME=admin |
|
1012 |
+ export OS_PROJECT_DOMAIN_ID=default |
|
1014 | 1013 |
export OS_REGION_NAME=$REGION_NAME |
1015 | 1014 |
fi |
1016 | 1015 |
|