Browse code
Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
Jens Harbott authored on 2019/04/10 19:33:39Showing 8 changed files
- functions-common
- lib/glance
- lib/keystone
- lib/neutron-legacy
- lib/nova_plugins/hypervisor-ironic
- lib/swift
- openrc
- stack.sh
| ... | ... |
@@ -47,7 +47,7 @@ KILL_PATH="$(which kill)" |
| 47 | 47 |
|
| 48 | 48 |
# Save these variables to .stackenv |
| 49 | 49 |
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \ |
| 50 |
- KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \ |
|
| 50 |
+ KEYSTONE_SERVICE_URI \ |
|
| 51 | 51 |
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \ |
| 52 | 52 |
HOST_IPV6 SERVICE_IP_VERSION" |
| 53 | 53 |
|
| ... | ... |
@@ -208,8 +208,7 @@ function configure_glance {
|
| 208 | 208 |
|
| 209 | 209 |
if is_service_enabled tls-proxy; then |
| 210 | 210 |
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT |
| 211 |
- |
|
| 212 |
- iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 211 |
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI |
|
| 213 | 212 |
fi |
| 214 | 213 |
|
| 215 | 214 |
# Format logging |
| ... | ... |
@@ -221,7 +220,7 @@ function configure_glance {
|
| 221 | 221 |
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL |
| 222 | 222 |
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG |
| 223 | 223 |
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
| 224 |
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI |
|
| 224 |
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI |
|
| 225 | 225 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME |
| 226 | 226 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance |
| 227 | 227 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD |
| ... | ... |
@@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide
|
| 115 | 115 |
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI |
| 116 | 116 |
|
| 117 | 117 |
# V3 URIs |
| 118 |
-KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 |
|
| 118 |
+KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
|
| 119 | 119 |
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
| 120 | 120 |
|
| 121 | 121 |
# Security compliance |
| ... | ... |
@@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware {
|
| 413 | 413 |
local section=${3:-keystone_authtoken}
|
| 414 | 414 |
|
| 415 | 415 |
iniset $conf_file $section auth_type password |
| 416 |
+ iniset $conf_file $section interface public |
|
| 416 | 417 |
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI |
| 417 | 418 |
iniset $conf_file $section username $admin_user |
| 418 | 419 |
iniset $conf_file $section password $SERVICE_PASSWORD |
| ... | ... |
@@ -561,7 +562,6 @@ function stop_keystone {
|
| 561 | 561 |
# - ``KEYSTONE_BIN_DIR`` |
| 562 | 562 |
# - ``ADMIN_PASSWORD`` |
| 563 | 563 |
# - ``IDENTITY_API_VERSION`` |
| 564 |
-# - ``KEYSTONE_AUTH_URI`` |
|
| 565 | 564 |
# - ``REGION_NAME`` |
| 566 | 565 |
# - ``KEYSTONE_SERVICE_PROTOCOL`` |
| 567 | 566 |
# - ``KEYSTONE_SERVICE_HOST`` |
| ... | ... |
@@ -372,7 +372,7 @@ function configure_mutnauq {
|
| 372 | 372 |
function create_nova_conf_neutron {
|
| 373 | 373 |
local conf=${1:-$NOVA_CONF}
|
| 374 | 374 |
iniset $conf neutron auth_type "password" |
| 375 |
- iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI" |
|
| 375 |
+ iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" |
|
| 376 | 376 |
iniset $conf neutron username "$Q_ADMIN_USERNAME" |
| 377 | 377 |
iniset $conf neutron password "$SERVICE_PASSWORD" |
| 378 | 378 |
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" |
| ... | ... |
@@ -46,7 +46,7 @@ function configure_nova_hypervisor {
|
| 46 | 46 |
iniset $NOVA_CONF ironic auth_type password |
| 47 | 47 |
iniset $NOVA_CONF ironic username admin |
| 48 | 48 |
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD |
| 49 |
- iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI |
|
| 49 |
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI |
|
| 50 | 50 |
iniset $NOVA_CONF ironic project_domain_id default |
| 51 | 51 |
iniset $NOVA_CONF ironic user_domain_id default |
| 52 | 52 |
iniset $NOVA_CONF ironic project_name demo |
| ... | ... |
@@ -527,7 +527,7 @@ function configure_swift {
|
| 527 | 527 |
else |
| 528 | 528 |
iniset ${testfile} func_test auth_port 80
|
| 529 | 529 |
fi |
| 530 |
- iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI}
|
|
| 530 |
+ iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI}
|
|
| 531 | 531 |
if [[ "$auth_vers" == "3" ]]; then |
| 532 | 532 |
iniset ${testfile} func_test auth_prefix /identity/v3/
|
| 533 | 533 |
else |
| ... | ... |
@@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password |
| 87 | 87 |
|
| 88 | 88 |
# If you don't have a working .stackenv, this is the backup position |
| 89 | 89 |
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000 |
| 90 |
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
|
|
| 90 |
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
|
|
| 91 | 91 |
|
| 92 |
-export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI}
|
|
| 92 |
+export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
|
|
| 93 | 93 |
|
| 94 | 94 |
# Currently, in order to use openstackclient with Identity API v3, |
| 95 | 95 |
# we need to set the domain which the user and project belong to. |
| ... | ... |
@@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <<EOF |
| 1053 | 1053 |
|
| 1054 | 1054 |
# Set up password auth credentials now that Keystone is bootstrapped |
| 1055 | 1055 |
export OS_IDENTITY_API_VERSION=3 |
| 1056 |
-export OS_AUTH_URL=$KEYSTONE_AUTH_URI |
|
| 1056 |
+export OS_AUTH_URL=$KEYSTONE_SERVICE_URI |
|
| 1057 | 1057 |
export OS_USERNAME=admin |
| 1058 | 1058 |
export OS_USER_DOMAIN_ID=default |
| 1059 | 1059 |
export OS_PASSWORD=$ADMIN_PASSWORD |