|
...
|
...
|
@@ -106,9 +106,9 @@ KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
|
106
|
106
|
|
|
107
|
107
|
# Bind hosts
|
|
108
|
108
|
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
|
|
109
|
|
-# Set the tenant for service accounts in Keystone
|
|
110
|
|
-SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
|
111
|
|
-SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
|
|
|
109
|
+# Set the project for service accounts in Keystone
|
|
|
110
|
+SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
|
|
|
111
|
+SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
|
|
112
|
112
|
|
|
113
|
113
|
# if we are running with SSL use https protocols
|
|
114
|
114
|
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
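Review bot: On new lines 110-111 an existing `SERVICE_TENANT_NAME` override is silently discarded, because `SERVICE_PROJECT_NAME` now defaults only from itself and `SERVICE_TENANT_NAME` is then unconditionally reassigned from it. Before this change both variables followed `SERVICE_TENANT_NAME`, so a configuration that still sets only the old name would, after this commit, get its service accounts placed in the default `service` project without any warning. Whether any such configuration remains is not visible from this hunk. To keep the old name working as a fallback, use `SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-${SERVICE_TENANT_NAME:-service}}` followed by `SERVICE_TENANT_NAME=$SERVICE_PROJECT_NAME`. The `:-service` default on line 111 is also dead, since `SERVICE_PROJECT_NAME` is always non-empty by that point.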
|
...
|
...
|
@@ -335,7 +335,7 @@ function configure_keystone {
|
|
335
|
335
|
|
|
336
|
336
|
# create_keystone_accounts() - Sets up common required keystone accounts
|
|
337
|
337
|
|
|
338
|
|
-# Tenant User Roles
|
|
|
338
|
+# Project User Roles
|
|
339
|
339
|
# ------------------------------------------------------------------
|
|
340
|
340
|
# admin admin admin
|
|
341
|
341
|
# service -- --
|
|
...
|
...
|
@@ -348,7 +348,7 @@ function configure_keystone {
|
|
348
|
348
|
# alt_demo alt_demo Member, anotherrole
|
|
349
|
349
|
# invisible_to_admin demo Member
|
|
350
|
350
|
|
|
351
|
|
-# Group Users Roles Tenant
|
|
|
351
|
+# Group Users Roles Project
|
|
352
|
352
|
# ------------------------------------------------------------------
|
|
353
|
353
|
# admins admin admin admin
|
|
354
|
354
|
# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo
|
|
...
|
...
|
@@ -360,8 +360,8 @@ function create_keystone_accounts {
|
|
360
|
360
|
# The keystone bootstrapping process (performed via keystone-manage bootstrap)
|
|
361
|
361
|
# creates an admin user, admin role and admin project. As a sanity check
|
|
362
|
362
|
# we exercise the CLI to retrieve the IDs for these values.
|
|
363
|
|
- local admin_tenant
|
|
364
|
|
- admin_tenant=$(openstack project show "admin" -f value -c id)
|
|
|
363
|
+ local admin_project
|
|
|
364
|
+ admin_project=$(openstack project show "admin" -f value -c id)
|
|
365
|
365
|
local admin_user
|
|
366
|
366
|
admin_user=$(openstack user show "admin" -f value -c id)
|
|
367
|
367
|
local admin_role
|
|
...
|
...
|
@@ -376,8 +376,8 @@ function create_keystone_accounts {
|
|
376
|
376
|
get_or_create_role service
|
|
377
|
377
|
|
|
378
|
378
|
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
|
|
379
|
|
- # The admin role in swift allows a user to act as an admin for their tenant,
|
|
380
|
|
- # but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
|
|
379
|
+ # The admin role in swift allows a user to act as an admin for their project,
|
|
|
380
|
+ # but ResellerAdmin is needed for a user to act as any project. The name of this
|
|
381
|
381
|
# role is also configurable in swift-proxy.conf
|
|
382
|
382
|
get_or_create_role ResellerAdmin
|
|
383
|
383
|
|
|
...
|
...
|
@@ -390,32 +390,32 @@ function create_keystone_accounts {
|
|
390
|
390
|
local another_role
|
|
391
|
391
|
another_role=$(get_or_create_role "anotherrole")
|
|
392
|
392
|
|
|
393
|
|
- # invisible tenant - admin can't see this one
|
|
394
|
|
- local invis_tenant
|
|
395
|
|
- invis_tenant=$(get_or_create_project "invisible_to_admin" default)
|
|
|
393
|
+ # invisible project - admin can't see this one
|
|
|
394
|
+ local invis_project
|
|
|
395
|
+ invis_project=$(get_or_create_project "invisible_to_admin" default)
|
|
396
|
396
|
|
|
397
|
397
|
# demo
|
|
398
|
|
- local demo_tenant
|
|
399
|
|
- demo_tenant=$(get_or_create_project "demo" default)
|
|
|
398
|
+ local demo_project
|
|
|
399
|
+ demo_project=$(get_or_create_project "demo" default)
|
|
400
|
400
|
local demo_user
|
|
401
|
401
|
demo_user=$(get_or_create_user "demo" \
|
|
402
|
402
|
"$ADMIN_PASSWORD" "default" "demo@example.com")
|
|
403
|
403
|
|
|
404
|
|
- get_or_add_user_project_role $member_role $demo_user $demo_tenant
|
|
405
|
|
- get_or_add_user_project_role $admin_role $admin_user $demo_tenant
|
|
406
|
|
- get_or_add_user_project_role $another_role $demo_user $demo_tenant
|
|
407
|
|
- get_or_add_user_project_role $member_role $demo_user $invis_tenant
|
|
|
404
|
+ get_or_add_user_project_role $member_role $demo_user $demo_project
|
|
|
405
|
+ get_or_add_user_project_role $admin_role $admin_user $demo_project
|
|
|
406
|
+ get_or_add_user_project_role $another_role $demo_user $demo_project
|
|
|
407
|
+ get_or_add_user_project_role $member_role $demo_user $invis_project
|
|
408
|
408
|
|
|
409
|
409
|
# alt_demo
|
|
410
|
|
- local alt_demo_tenant
|
|
411
|
|
- alt_demo_tenant=$(get_or_create_project "alt_demo" default)
|
|
|
410
|
+ local alt_demo_project
|
|
|
411
|
+ alt_demo_project=$(get_or_create_project "alt_demo" default)
|
|
412
|
412
|
local alt_demo_user
|
|
413
|
413
|
alt_demo_user=$(get_or_create_user "alt_demo" \
|
|
414
|
414
|
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
|
|
415
|
415
|
|
|
416
|
|
- get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
|
|
417
|
|
- get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
|
|
418
|
|
- get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
|
|
|
416
|
+ get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_project
|
|
|
417
|
+ get_or_add_user_project_role $admin_role $admin_user $alt_demo_project
|
|
|
418
|
+ get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
|
|
419
|
419
|
|
|
420
|
420
|
# groups
|
|
421
|
421
|
local admin_group
|
|
...
|
...
|
@@ -425,11 +425,11 @@ function create_keystone_accounts {
|
|
425
|
425
|
non_admin_group=$(get_or_create_group "nonadmins" \
|
|
426
|
426
|
"default" "non-admin group")
|
|
427
|
427
|
|
|
428
|
|
- get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
|
|
429
|
|
- get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
|
|
430
|
|
- get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
|
|
431
|
|
- get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
|
|
432
|
|
- get_or_add_group_project_role $admin_role $admin_group $admin_tenant
|
|
|
428
|
+ get_or_add_group_project_role $member_role $non_admin_group $demo_project
|
|
|
429
|
+ get_or_add_group_project_role $another_role $non_admin_group $demo_project
|
|
|
430
|
+ get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
|
|
|
431
|
+ get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
|
|
|
432
|
+ get_or_add_group_project_role $admin_role $admin_group $admin_project
|
|
433
|
433
|
}
|
|
434
|
434
|
|
|
435
|
435
|
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
|