Add the OS_* env variables to mirror the NOVA_* vars; example:
setting OS_USERNAME will override NOVA_USERNAME in the clients and
tools, but if left unset it defaults to NOVA_USERNAME.
Adds exercises/client-env.sh to test operation of command-line
clients with only the OS_* variables set
Addresses bug 897304, http://wiki.openstack.org/CLIAuth
Change-Id: I72450153541072fe8026a82748cfcd1cf5ed31d8
1 | 1 |
new file mode 100755 |
... | ... |
@@ -0,0 +1,166 @@ |
0 |
+#!/usr/bin/env bash |
|
1 |
+ |
|
2 |
+# Test OpenStack client enviroment variable handling |
|
3 |
+ |
|
4 |
+# Verify client workage |
|
5 |
+VERIFY=${1:-""} |
|
6 |
+ |
|
7 |
+# Settings |
|
8 |
+# ======== |
|
9 |
+ |
|
10 |
+# Use openrc + stackrc + localrc for settings |
|
11 |
+pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
12 |
+source ./openrc |
|
13 |
+popd >/dev/null |
|
14 |
+ |
|
15 |
+# Unset all of the known NOVA_ vars |
|
16 |
+unset NOVA_API_KEY |
|
17 |
+unset NOVA_ENDPOINT_NAME |
|
18 |
+unset NOVA_PASSWORD |
|
19 |
+unset NOVA_PROJECT_ID |
|
20 |
+unset NOVA_REGION_NAME |
|
21 |
+unset NOVA_URL |
|
22 |
+unset NOVA_USERNAME |
|
23 |
+unset NOVA_VERSION |
|
24 |
+ |
|
25 |
+# Make sure we have the vars we are expecting |
|
26 |
+function is_set() { |
|
27 |
+ local var=\$"$1" |
|
28 |
+ eval echo $1=$var |
|
29 |
+ if eval "[ -z $var ]"; then |
|
30 |
+ return 1 |
|
31 |
+ fi |
|
32 |
+ return 0 |
|
33 |
+} |
|
34 |
+ |
|
35 |
+for i in OS_TENANT_NAME OS_USERNAME OS_PASSWORD OS_AUTH_URL; do |
|
36 |
+ is_set $i |
|
37 |
+ if [[ $? -ne 0 ]]; then |
|
38 |
+ ABORT=1 |
|
39 |
+ fi |
|
40 |
+done |
|
41 |
+if [[ -n "$ABORT" ]]; then |
|
42 |
+ exit 1 |
|
43 |
+fi |
|
44 |
+ |
|
45 |
+# Set global return |
|
46 |
+RETURN=0 |
|
47 |
+ |
|
48 |
+# Keystone client |
|
49 |
+# --------------- |
|
50 |
+if [[ "$ENABLED_SERVICES" =~ "key" ]]; then |
|
51 |
+ if [[ "$SKIP_EXERCISES" =~ "key" ]] ; then |
|
52 |
+ STATUS_KEYSTONE="Skipped" |
|
53 |
+ else |
|
54 |
+ if [[ -n "$VERIFY" ]]; then |
|
55 |
+ # Save original environment |
|
56 |
+ xOS_AUTH_URL=$OS_AUTH_URL |
|
57 |
+ xOS_TENANT_NAME=$OS_TENANT_NAME |
|
58 |
+ xOS_USERNAME=$OS_USERNAME |
|
59 |
+ xOS_PASSWORD=$OS_PASSWORD |
|
60 |
+ # keystone can't handle a trailing '/' |
|
61 |
+ export OS_AUTH_URL=${OS_AUTH_URL%/} |
|
62 |
+ # does any non-admin request work? |
|
63 |
+ export OS_USERNAME=admin |
|
64 |
+ export OS_TENANT_NAME=admin |
|
65 |
+ fi |
|
66 |
+ |
|
67 |
+ echo -e "\nTest Keystone" |
|
68 |
+ if keystone service-list; then |
|
69 |
+ STATUS_KEYSTONE="Succeeded" |
|
70 |
+ else |
|
71 |
+ STATUS_KEYSTONE="Failed" |
|
72 |
+ RETURN=1 |
|
73 |
+ fi |
|
74 |
+ if [[ -n "$VERIFY" ]]; then |
|
75 |
+ # Save original environment |
|
76 |
+ OS_AUTH_URL=$xOS_AUTH_URL |
|
77 |
+ OS_TENANT_NAME=$xOS_TENANT_NAME |
|
78 |
+ OS_USERNAME=$xOS_USERNAME |
|
79 |
+ OS_PASSWORD=$xOS_PASSWORD |
|
80 |
+ fi |
|
81 |
+ fi |
|
82 |
+fi |
|
83 |
+ |
|
84 |
+# Nova client |
|
85 |
+# ----------- |
|
86 |
+ |
|
87 |
+if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
|
88 |
+ if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then |
|
89 |
+ STATUS_NOVA="Skipped" |
|
90 |
+ else |
|
91 |
+ if [[ -n "$VERIFY" ]]; then |
|
92 |
+ # Known novaclient breakage: |
|
93 |
+ # NOVA_VERSION must be set or nova silently fails |
|
94 |
+ export NOVA_VERSION=2 |
|
95 |
+ fi |
|
96 |
+ |
|
97 |
+ echo -e "\nTest Nova" |
|
98 |
+ if nova flavor-list; then |
|
99 |
+ STATUS_NOVA="Succeeded" |
|
100 |
+ else |
|
101 |
+ STATUS_NOVA="Failed" |
|
102 |
+ RETURN=1 |
|
103 |
+ fi |
|
104 |
+ fi |
|
105 |
+fi |
|
106 |
+ |
|
107 |
+# Glance client |
|
108 |
+# ------------- |
|
109 |
+ |
|
110 |
+if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then |
|
111 |
+ if [[ "$SKIP_EXERCISES" =~ "g-api" ]] ; then |
|
112 |
+ STATUS_GLANCE="Skipped" |
|
113 |
+ else |
|
114 |
+ if [[ -n "$VERIFY" ]]; then |
|
115 |
+ # Known glance client differage: |
|
116 |
+ export OS_AUTH_TENANT=$OS_TENANT_NAME |
|
117 |
+ export OS_AUTH_USER=$OS_USERNAME |
|
118 |
+ export OS_AUTH_KEY=$OS_PASSWORD |
|
119 |
+ export OS_AUTH_STRATEGY=keystone |
|
120 |
+ fi |
|
121 |
+ |
|
122 |
+ echo -e "\nTest Glance" |
|
123 |
+ if glance index; then |
|
124 |
+ STATUS_GLANCE="Succeeded" |
|
125 |
+ else |
|
126 |
+ STATUS_GLANCE="Failed" |
|
127 |
+ RETURN=1 |
|
128 |
+ fi |
|
129 |
+ fi |
|
130 |
+fi |
|
131 |
+ |
|
132 |
+# Swift client |
|
133 |
+# ------------ |
|
134 |
+ |
|
135 |
+if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then |
|
136 |
+ if [[ "$SKIP_EXERCISES" =~ "swift" ]] ; then |
|
137 |
+ STATUS_SWIFT="Skipped" |
|
138 |
+ else |
|
139 |
+ echo -e "\nTest Swift" |
|
140 |
+ # FIXME(dtroyer): implement swift test |
|
141 |
+ if true; then |
|
142 |
+ STATUS_SWIFT="Succeeded" |
|
143 |
+ else |
|
144 |
+ STATUS_SWIFT="Failed" |
|
145 |
+ RETURN=1 |
|
146 |
+ fi |
|
147 |
+ fi |
|
148 |
+fi |
|
149 |
+ |
|
150 |
+# Results |
|
151 |
+# ------- |
|
152 |
+ |
|
153 |
+function report() { |
|
154 |
+ if [[ -n "$2" ]]; then |
|
155 |
+ echo "$1: $2" |
|
156 |
+ fi |
|
157 |
+} |
|
158 |
+ |
|
159 |
+echo -e "\n" |
|
160 |
+report "Keystone" $STATUS_KEYSTONE |
|
161 |
+report "Nova" $STATUS_NOVA |
|
162 |
+report "Glance" $STATUS_GLANCE |
|
163 |
+report "Swift" $STATUS_SWIFT |
|
164 |
+ |
|
165 |
+exit $RETURN |
... | ... |
@@ -55,7 +55,7 @@ TEST_FLOATING_POOL=${TEST_FLOATING_POOL:-test} |
55 | 55 |
# returns a token and catalog of endpoints. We use python to parse the token |
56 | 56 |
# and save it. |
57 | 57 |
|
58 |
-TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_USERNAME\", \"password\": \"$NOVA_PASSWORD\"}}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` |
|
58 |
+TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$OS_USERNAME\", \"password\": \"$OS_PASSWORD\"}}}" -H "Content-type: application/json" ${OS_AUTH_URL%/}/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` |
|
59 | 59 |
|
60 | 60 |
# Launching a server |
61 | 61 |
# ================== |
... | ... |
@@ -41,7 +41,7 @@ DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami} |
41 | 41 |
# returns a token and catalog of endpoints. We use python to parse the token |
42 | 42 |
# and save it. |
43 | 43 |
|
44 |
-TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_USERNAME\", \"password\": \"$NOVA_PASSWORD\"}}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` |
|
44 |
+TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$OS_USERNAME\", \"password\": \"$OS_PASSWORD\"}}}" -H "Content-type: application/json" ${OS_AUTH_URL%/}/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` |
|
45 | 45 |
|
46 | 46 |
# Launching a server |
47 | 47 |
# ================== |
... | ... |
@@ -12,20 +12,27 @@ SERVICE_HOST=${SERVICE_HOST:-$HOST_IP} |
12 | 12 |
# should be listening on HOST_IP. If its running elsewhere, it can be set here |
13 | 13 |
GLANCE_HOST=${GLANCE_HOST:-$HOST_IP} |
14 | 14 |
|
15 |
+# novaclient now supports the new OS_* configuration variables in addition to |
|
16 |
+# the older NOVA_* variables. Set them both for now... |
|
17 |
+ |
|
15 | 18 |
# Nova original used project_id as the *account* that owned resources (servers, |
16 | 19 |
# ip address, ...) With the addition of Keystone we have standardized on the |
17 | 20 |
# term **tenant** as the entity that owns the resources. **novaclient** still |
18 | 21 |
# uses the old deprecated terms project_id. Note that this field should now be |
19 | 22 |
# set to tenant_name, not tenant_id. |
20 | 23 |
export NOVA_PROJECT_ID=${TENANT:-demo} |
24 |
+export OS_TENANT_NAME=${NOVA_PROJECT_ID} |
|
21 | 25 |
|
22 | 26 |
# In addition to the owning entity (tenant), nova stores the entity performing |
23 | 27 |
# the action as the **user**. |
24 | 28 |
export NOVA_USERNAME=${USERNAME:-demo} |
29 |
+export OS_USERNAME=${NOVA_USERNAME} |
|
25 | 30 |
|
26 | 31 |
# With Keystone you pass the keystone password instead of an api key. |
27 |
-# The most recent versions of novaclient use NOVA_PASSWORD instead of NOVA_API_KEY |
|
32 |
+# Recent versions of novaclient use NOVA_PASSWORD instead of NOVA_API_KEY |
|
33 |
+# The most recent versions of novaclient use OS_PASSWORD in addition to NOVA_PASSWORD |
|
28 | 34 |
export NOVA_PASSWORD=${ADMIN_PASSWORD:-secrete} |
35 |
+export OS_PASSWORD=${NOVA_PASSWORD} |
|
29 | 36 |
|
30 | 37 |
# With the addition of Keystone, to use an openstack cloud you should |
31 | 38 |
# authenticate against keystone, which returns a **Token** and **Service |
... | ... |
@@ -36,6 +43,7 @@ export NOVA_PASSWORD=${ADMIN_PASSWORD:-secrete} |
36 | 36 |
# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0. We |
37 | 37 |
# will use the 1.1 *compute api* |
38 | 38 |
export NOVA_URL=${NOVA_URL:-http://$SERVICE_HOST:5000/v2.0/} |
39 |
+export OS_AUTH_URL=${NOVA_URL} |
|
39 | 40 |
|
40 | 41 |
# Currently novaclient needs you to specify the *compute api* version. This |
41 | 42 |
# needs to match the config of your catalog returned by Keystone. |