If something goes wrong after keystone is running with services
registered, but before credentials are written, it's hard to poke at the
existing half-running state because none of the auth information is
recorded.
Write the files right after we're done bootstrapping keystone.
Change-Id: I2f8ae86e17d26ec4defa16e843faa8987d27fac9
... | ... |
@@ -1034,6 +1034,73 @@ if is_service_enabled keystone; then |
1034 | 1034 |
export OS_REGION_NAME=$REGION_NAME |
1035 | 1035 |
fi |
1036 | 1036 |
|
1037 |
+# We now have a working keystone. From this point, everything can be done |
|
1038 |
+# with normal auth. Let's write out the auth config files so that if something |
|
1039 |
+# goes wrong subsequently, developers debugging have stackrc and clouds.yaml |
|
1040 |
+# files to use to poke at things |
|
1041 |
+ |
|
1042 |
+# Create account rc files |
|
1043 |
+# ======================= |
|
1044 |
+ |
|
1045 |
+# Creates source able script files for easier user switching. |
|
1046 |
+# This step also creates certificates for tenants and users, |
|
1047 |
+# which is helpful in image bundle steps. |
|
1048 |
+ |
|
1049 |
+if is_service_enabled nova && is_service_enabled keystone; then |
|
1050 |
+ USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc" |
|
1051 |
+ |
|
1052 |
+ if [ -f $SSL_BUNDLE_FILE ]; then |
|
1053 |
+ USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE" |
|
1054 |
+ fi |
|
1055 |
+ |
|
1056 |
+ if [[ "$HEAT_STANDALONE" = "True" ]]; then |
|
1057 |
+ USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1" |
|
1058 |
+ fi |
|
1059 |
+ |
|
1060 |
+ $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS |
|
1061 |
+fi |
|
1062 |
+ |
|
1063 |
+ |
|
1064 |
+# Save some values we generated for later use |
|
1065 |
+save_stackenv |
|
1066 |
+ |
|
1067 |
+# Update/create user clouds.yaml file. |
|
1068 |
+# clouds.yaml will have |
|
1069 |
+# - A `devstack` entry for the `demo` user for the `demo` project. |
|
1070 |
+# - A `devstack-admin` entry for the `admin` user for the `admin` project. |
|
1071 |
+ |
|
1072 |
+# The location is a variable to allow for easier refactoring later to make it |
|
1073 |
+# overridable. There is currently no usecase where doing so makes sense, so |
|
1074 |
+# it's not currently configurable. |
|
1075 |
+CLOUDS_YAML=~/.config/openstack/clouds.yaml |
|
1076 |
+ |
|
1077 |
+mkdir -p $(dirname $CLOUDS_YAML) |
|
1078 |
+ |
|
1079 |
+CA_CERT_ARG='' |
|
1080 |
+if [ -f "$SSL_BUNDLE_FILE" ]; then |
|
1081 |
+ CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE" |
|
1082 |
+fi |
|
1083 |
+$TOP_DIR/tools/update_clouds_yaml.py \ |
|
1084 |
+ --file $CLOUDS_YAML \ |
|
1085 |
+ --os-cloud devstack \ |
|
1086 |
+ --os-region-name $REGION_NAME \ |
|
1087 |
+ --os-identity-api-version $IDENTITY_API_VERSION \ |
|
1088 |
+ $CA_CERT_ARG \ |
|
1089 |
+ --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
1090 |
+ --os-username demo \ |
|
1091 |
+ --os-password $ADMIN_PASSWORD \ |
|
1092 |
+ --os-project-name demo |
|
1093 |
+$TOP_DIR/tools/update_clouds_yaml.py \ |
|
1094 |
+ --file $CLOUDS_YAML \ |
|
1095 |
+ --os-cloud devstack-admin \ |
|
1096 |
+ --os-region-name $REGION_NAME \ |
|
1097 |
+ --os-identity-api-version $IDENTITY_API_VERSION \ |
|
1098 |
+ $CA_CERT_ARG \ |
|
1099 |
+ --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
1100 |
+ --os-username admin \ |
|
1101 |
+ --os-password $ADMIN_PASSWORD \ |
|
1102 |
+ --os-project-name admin |
|
1103 |
+ |
|
1037 | 1104 |
# Horizon |
1038 | 1105 |
# ------- |
1039 | 1106 |
|
... | ... |
@@ -1275,69 +1342,6 @@ if is_service_enabled heat; then |
1275 | 1275 |
fi |
1276 | 1276 |
|
1277 | 1277 |
|
1278 |
-# Create account rc files |
|
1279 |
-# ======================= |
|
1280 |
- |
|
1281 |
-# Creates source able script files for easier user switching. |
|
1282 |
-# This step also creates certificates for tenants and users, |
|
1283 |
-# which is helpful in image bundle steps. |
|
1284 |
- |
|
1285 |
-if is_service_enabled nova && is_service_enabled keystone; then |
|
1286 |
- USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc" |
|
1287 |
- |
|
1288 |
- if [ -f $SSL_BUNDLE_FILE ]; then |
|
1289 |
- USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE" |
|
1290 |
- fi |
|
1291 |
- |
|
1292 |
- if [[ "$HEAT_STANDALONE" = "True" ]]; then |
|
1293 |
- USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1" |
|
1294 |
- fi |
|
1295 |
- |
|
1296 |
- $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS |
|
1297 |
-fi |
|
1298 |
- |
|
1299 |
- |
|
1300 |
-# Save some values we generated for later use |
|
1301 |
-save_stackenv |
|
1302 |
- |
|
1303 |
-# Update/create user clouds.yaml file. |
|
1304 |
-# clouds.yaml will have |
|
1305 |
-# - A `devstack` entry for the `demo` user for the `demo` project. |
|
1306 |
-# - A `devstack-admin` entry for the `admin` user for the `admin` project. |
|
1307 |
- |
|
1308 |
-# The location is a variable to allow for easier refactoring later to make it |
|
1309 |
-# overridable. There is currently no usecase where doing so makes sense, so |
|
1310 |
-# it's not currently configurable. |
|
1311 |
-CLOUDS_YAML=~/.config/openstack/clouds.yaml |
|
1312 |
- |
|
1313 |
-mkdir -p $(dirname $CLOUDS_YAML) |
|
1314 |
- |
|
1315 |
-CA_CERT_ARG='' |
|
1316 |
-if [ -f "$SSL_BUNDLE_FILE" ]; then |
|
1317 |
- CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE" |
|
1318 |
-fi |
|
1319 |
-$TOP_DIR/tools/update_clouds_yaml.py \ |
|
1320 |
- --file $CLOUDS_YAML \ |
|
1321 |
- --os-cloud devstack \ |
|
1322 |
- --os-region-name $REGION_NAME \ |
|
1323 |
- --os-identity-api-version $IDENTITY_API_VERSION \ |
|
1324 |
- $CA_CERT_ARG \ |
|
1325 |
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
1326 |
- --os-username demo \ |
|
1327 |
- --os-password $ADMIN_PASSWORD \ |
|
1328 |
- --os-project-name demo |
|
1329 |
-$TOP_DIR/tools/update_clouds_yaml.py \ |
|
1330 |
- --file $CLOUDS_YAML \ |
|
1331 |
- --os-cloud devstack-admin \ |
|
1332 |
- --os-region-name $REGION_NAME \ |
|
1333 |
- --os-identity-api-version $IDENTITY_API_VERSION \ |
|
1334 |
- $CA_CERT_ARG \ |
|
1335 |
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
|
1336 |
- --os-username admin \ |
|
1337 |
- --os-password $ADMIN_PASSWORD \ |
|
1338 |
- --os-project-name admin |
|
1339 |
- |
|
1340 |
- |
|
1341 | 1278 |
# Wrapup configuration |
1342 | 1279 |
# ==================== |
1343 | 1280 |
|