Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
... | ... |
@@ -47,7 +47,7 @@ KILL_PATH="$(which kill)" |
47 | 47 |
|
48 | 48 |
# Save these variables to .stackenv |
49 | 49 |
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \ |
50 |
- KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \ |
|
50 |
+ KEYSTONE_SERVICE_URI \ |
|
51 | 51 |
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \ |
52 | 52 |
HOST_IPV6 SERVICE_IP_VERSION" |
53 | 53 |
|
... | ... |
@@ -208,8 +208,7 @@ function configure_glance { |
208 | 208 |
|
209 | 209 |
if is_service_enabled tls-proxy; then |
210 | 210 |
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT |
211 |
- |
|
212 |
- iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
211 |
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI |
|
213 | 212 |
fi |
214 | 213 |
|
215 | 214 |
# Format logging |
... | ... |
@@ -221,7 +220,7 @@ function configure_glance { |
221 | 221 |
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL |
222 | 222 |
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG |
223 | 223 |
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
224 |
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI |
|
224 |
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI |
|
225 | 225 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME |
226 | 226 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance |
227 | 227 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD |
... | ... |
@@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide |
115 | 115 |
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI |
116 | 116 |
|
117 | 117 |
# V3 URIs |
118 |
-KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 |
|
118 |
+KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
|
119 | 119 |
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
120 | 120 |
|
121 | 121 |
# Security compliance |
... | ... |
@@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware { |
413 | 413 |
local section=${3:-keystone_authtoken} |
414 | 414 |
|
415 | 415 |
iniset $conf_file $section auth_type password |
416 |
+ iniset $conf_file $section interface public |
|
416 | 417 |
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI |
417 | 418 |
iniset $conf_file $section username $admin_user |
418 | 419 |
iniset $conf_file $section password $SERVICE_PASSWORD |
... | ... |
@@ -561,7 +562,6 @@ function stop_keystone { |
561 | 561 |
# - ``KEYSTONE_BIN_DIR`` |
562 | 562 |
# - ``ADMIN_PASSWORD`` |
563 | 563 |
# - ``IDENTITY_API_VERSION`` |
564 |
-# - ``KEYSTONE_AUTH_URI`` |
|
565 | 564 |
# - ``REGION_NAME`` |
566 | 565 |
# - ``KEYSTONE_SERVICE_PROTOCOL`` |
567 | 566 |
# - ``KEYSTONE_SERVICE_HOST`` |
... | ... |
@@ -372,7 +372,7 @@ function configure_mutnauq { |
372 | 372 |
function create_nova_conf_neutron { |
373 | 373 |
local conf=${1:-$NOVA_CONF} |
374 | 374 |
iniset $conf neutron auth_type "password" |
375 |
- iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI" |
|
375 |
+ iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" |
|
376 | 376 |
iniset $conf neutron username "$Q_ADMIN_USERNAME" |
377 | 377 |
iniset $conf neutron password "$SERVICE_PASSWORD" |
378 | 378 |
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" |
... | ... |
@@ -46,7 +46,7 @@ function configure_nova_hypervisor { |
46 | 46 |
iniset $NOVA_CONF ironic auth_type password |
47 | 47 |
iniset $NOVA_CONF ironic username admin |
48 | 48 |
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD |
49 |
- iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI |
|
49 |
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI |
|
50 | 50 |
iniset $NOVA_CONF ironic project_domain_id default |
51 | 51 |
iniset $NOVA_CONF ironic user_domain_id default |
52 | 52 |
iniset $NOVA_CONF ironic project_name demo |
... | ... |
@@ -527,7 +527,7 @@ function configure_swift { |
527 | 527 |
else |
528 | 528 |
iniset ${testfile} func_test auth_port 80 |
529 | 529 |
fi |
530 |
- iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI} |
|
530 |
+ iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI} |
|
531 | 531 |
if [[ "$auth_vers" == "3" ]]; then |
532 | 532 |
iniset ${testfile} func_test auth_prefix /identity/v3/ |
533 | 533 |
else |
... | ... |
@@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password |
87 | 87 |
|
88 | 88 |
# If you don't have a working .stackenv, this is the backup position |
89 | 89 |
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000 |
90 |
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP} |
|
90 |
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP} |
|
91 | 91 |
|
92 |
-export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI} |
|
92 |
+export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI} |
|
93 | 93 |
|
94 | 94 |
# Currently, in order to use openstackclient with Identity API v3, |
95 | 95 |
# we need to set the domain which the user and project belong to. |
... | ... |
@@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <<EOF |
1053 | 1053 |
|
1054 | 1054 |
# Set up password auth credentials now that Keystone is bootstrapped |
1055 | 1055 |
export OS_IDENTITY_API_VERSION=3 |
1056 |
-export OS_AUTH_URL=$KEYSTONE_AUTH_URI |
|
1056 |
+export OS_AUTH_URL=$KEYSTONE_SERVICE_URI |
|
1057 | 1057 |
export OS_USERNAME=admin |
1058 | 1058 |
export OS_USER_DOMAIN_ID=default |
1059 | 1059 |
export OS_PASSWORD=$ADMIN_PASSWORD |