
Move writing of credentials earlier in the process

If something goes wrong after keystone is running with services
registered, but before credentials are written, it's hard to poke at the
existing half-running state because none of the auth information is
recorded.

Write the files right after we're done bootstrapping keystone.

Change-Id: I2f8ae86e17d26ec4defa16e843faa8987d27fac9

Monty Taylor authored on 2015/09/20 00:19:31
Showing 1 changed files
... ...
@@ -1034,6 +1034,73 @@ if is_service_enabled keystone; then
1034 1034
     export OS_REGION_NAME=$REGION_NAME
1035 1035
 fi
1036 1036
 
1037
+# We now have a working keystone. From this point, everything can be done
1038
+# with normal auth. Let's write out the auth config files so that if something
1039
+# goes wrong subsequently, developers debugging have stackrc and clouds.yaml
1040
+# files to use to poke at things
1041
+
1042
+# Create account rc files
1043
+# =======================
1044
+
1045
+# Creates source able script files for easier user switching.
1046
+# This step also creates certificates for tenants and users,
1047
+# which is helpful in image bundle steps.
1048
+
1049
+if is_service_enabled nova && is_service_enabled keystone; then
1050
+    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
1051
+
1052
+    if [ -f $SSL_BUNDLE_FILE ]; then
1053
+        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
1054
+    fi
1055
+
1056
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
1057
+        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
1058
+    fi
1059
+
1060
+    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
1061
+fi
1062
+
1063
+
1064
+# Save some values we generated for later use
1065
+save_stackenv
1066
+
1067
+# Update/create user clouds.yaml file.
1068
+# clouds.yaml will have
1069
+# - A `devstack` entry for the `demo` user for the `demo` project.
1070
+# - A `devstack-admin` entry for the `admin` user for the `admin` project.
1071
+
1072
+# The location is a variable to allow for easier refactoring later to make it
1073
+# overridable. There is currently no usecase where doing so makes sense, so
1074
+# it's not currently configurable.
1075
+CLOUDS_YAML=~/.config/openstack/clouds.yaml
1076
+
1077
+mkdir -p $(dirname $CLOUDS_YAML)
1078
+
1079
+CA_CERT_ARG=''
1080
+if [ -f "$SSL_BUNDLE_FILE" ]; then
1081
+    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
1082
+fi
1083
+$TOP_DIR/tools/update_clouds_yaml.py \
1084
+    --file $CLOUDS_YAML \
1085
+    --os-cloud devstack \
1086
+    --os-region-name $REGION_NAME \
1087
+    --os-identity-api-version $IDENTITY_API_VERSION \
1088
+    $CA_CERT_ARG \
1089
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
1090
+    --os-username demo \
1091
+    --os-password $ADMIN_PASSWORD \
1092
+    --os-project-name demo
1093
+$TOP_DIR/tools/update_clouds_yaml.py \
1094
+    --file $CLOUDS_YAML \
1095
+    --os-cloud devstack-admin \
1096
+    --os-region-name $REGION_NAME \
1097
+    --os-identity-api-version $IDENTITY_API_VERSION \
1098
+    $CA_CERT_ARG \
1099
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
1100
+    --os-username admin \
1101
+    --os-password $ADMIN_PASSWORD \
1102
+    --os-project-name admin
1103
+
1037 1104
 # Horizon
1038 1105
 # -------
1039 1106
 
... ...
@@ -1275,69 +1342,6 @@ if is_service_enabled heat; then
1275 1275
 fi
1276 1276
 
1277 1277
 
1278
-# Create account rc files
1279
-# =======================
1280
-
1281
-# Creates source able script files for easier user switching.
1282
-# This step also creates certificates for tenants and users,
1283
-# which is helpful in image bundle steps.
1284
-
1285
-if is_service_enabled nova && is_service_enabled keystone; then
1286
-    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
1287
-
1288
-    if [ -f $SSL_BUNDLE_FILE ]; then
1289
-        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
1290
-    fi
1291
-
1292
-    if [[ "$HEAT_STANDALONE" = "True" ]]; then
1293
-        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
1294
-    fi
1295
-
1296
-    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
1297
-fi
1298
-
1299
-
1300
-# Save some values we generated for later use
1301
-save_stackenv
1302
-
1303
-# Update/create user clouds.yaml file.
1304
-# clouds.yaml will have
1305
-# - A `devstack` entry for the `demo` user for the `demo` project.
1306
-# - A `devstack-admin` entry for the `admin` user for the `admin` project.
1307
-
1308
-# The location is a variable to allow for easier refactoring later to make it
1309
-# overridable. There is currently no usecase where doing so makes sense, so
1310
-# it's not currently configurable.
1311
-CLOUDS_YAML=~/.config/openstack/clouds.yaml
1312
-
1313
-mkdir -p $(dirname $CLOUDS_YAML)
1314
-
1315
-CA_CERT_ARG=''
1316
-if [ -f "$SSL_BUNDLE_FILE" ]; then
1317
-    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
1318
-fi
1319
-$TOP_DIR/tools/update_clouds_yaml.py \
1320
-    --file $CLOUDS_YAML \
1321
-    --os-cloud devstack \
1322
-    --os-region-name $REGION_NAME \
1323
-    --os-identity-api-version $IDENTITY_API_VERSION \
1324
-    $CA_CERT_ARG \
1325
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
1326
-    --os-username demo \
1327
-    --os-password $ADMIN_PASSWORD \
1328
-    --os-project-name demo
1329
-$TOP_DIR/tools/update_clouds_yaml.py \
1330
-    --file $CLOUDS_YAML \
1331
-    --os-cloud devstack-admin \
1332
-    --os-region-name $REGION_NAME \
1333
-    --os-identity-api-version $IDENTITY_API_VERSION \
1334
-    $CA_CERT_ARG \
1335
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
1336
-    --os-username admin \
1337
-    --os-password $ADMIN_PASSWORD \
1338
-    --os-project-name admin
1339
-
1340
-
1341 1278
 # Wrapup configuration
1342 1279
 # ====================
1343 1280
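Review bot: Both `update_clouds_yaml.py` calls in the added block (new lines 1083–1102) pass `--os-password $ADMIN_PASSWORD` unquoted on the command line. A password containing whitespace or glob characters is split or expanded, and the value is readable in the process list and in any xtrace log while the tool runs. At minimum quote it as `--os-password "$ADMIN_PASSWORD" \`. The moved check at new line 1052, `[ -f $SSL_BUNDLE_FILE ]`, is also unquoted: with an empty variable it collapses to `[ -f ]`, which is true, so `--os-cacert` is appended with no path. Line 1080 already quotes it, so use `if [ -f "$SSL_BUNDLE_FILE" ]; then` in both places. Because the credential files now survive a run that fails later, it is worth confirming that `clouds.yaml` and the `accrc` output are written owner-only; the hunk only does a plain `mkdir -p`, and the file modes are set by scripts not shown here.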