1. devstack
  2. Commit 3f7c06f5aaff5d3e2ec28931e0fe4ab8376208e6
Browse code

Support sql service catalog backend

* Add KEYSTONE_CATALOG_BACKEND to select 'sql' or 'template'
'template' is the default
* Add service creation to keystone_data.sh

Rebased and re-submitted

Fixes bug 966457

Change-Id: Id24fbdeba3de11537559e24b72571ec92ab44750

Dean Troyer authored on 2012/04/04 07:19:36
Showing 2 changed files
files/keystone_data.sh
History View file @ 3f7c06f
... ... 
@@ -19,8 +19,13 @@
19 19 
 # SERVICE_TOKEN - aka admin_token in keystone.conf
20 20 
 # SERVICE_ENDPOINT - local Keystone admin endpoint
21 21 
 # SERVICE_TENANT_NAME - name of tenant containing service accounts
22 
+# SERVICE_HOST - host used for endpoint creation
22 23 
 # ENABLED_SERVICES - stack.sh's list of services to start
23 24 
 # DEVSTACK_DIR - Top-level DevStack directory
25 
+# KEYSTONE_CATALOG_BACKEND - used to determine service catalog creation
26 
+
27 
+# Defaults
28 
+# --------
24 29
25 30 
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
26 31 
 SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
... ... 
@@ -29,10 +34,13 @@ export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
29 29 
 SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
30 30
31 31 
 function get_id () {
32 
-    echo `$@ | awk '/ id / { print $4 }'`
32 
+    echo `"$@" | awk '/ id / { print $4 }'`
33 33 
 }
34 34
35 
+
35 36 
 # Tenants
37 
+# -------
38 
+
36 39 
 ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
37 40 
 SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
38 41 
 DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
... ... 
@@ -40,6 +48,8 @@ INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
40 40
41 41
42 42 
 # Users
43 
+# -----
44 
+
43 45 
 ADMIN_USER=$(get_id keystone user-create --name=admin \
44 46 
                                          --pass="$ADMIN_PASSWORD" \
45 47 
                                          --email=admin@example.com)
... ... 
@@ -49,6 +59,8 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
49 49
50 50
51 51 
 # Roles
52 
+# -----
53 
+
52 54 
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
53 55 
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
54 56 
 KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
... ... 
@@ -73,58 +85,191 @@ keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $
73 73 
 keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
74 74
75 75
76 
-# Configure service users/roles
77 
-NOVA_USER=$(get_id keystone user-create --name=nova \
78 
-                                        --pass="$SERVICE_PASSWORD" \
79 
-                                        --tenant_id $SERVICE_TENANT \
80 
-                                        --email=nova@example.com)
81 
-keystone user-role-add --tenant_id $SERVICE_TENANT \
82 
-                       --user_id $NOVA_USER \
83 
-                       --role_id $ADMIN_ROLE
76 
+# Services
77 
+# --------
84 78
85 
-GLANCE_USER=$(get_id keystone user-create --name=glance \
86 
-                                          --pass="$SERVICE_PASSWORD" \
87 
-                                          --tenant_id $SERVICE_TENANT \
88 
-                                          --email=glance@example.com)
89 
-keystone user-role-add --tenant_id $SERVICE_TENANT \
90 
-                       --user_id $GLANCE_USER \
91 
-                       --role_id $ADMIN_ROLE
79 
+# Keystone
80 
+if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
81 
+	KEYSTONE_SERVICE=$(get_id keystone service-create \
82 
+		--name=keystone \
83 
+		--type=identity \
84 
+		--description="Keystone Identity Service")
85 
+	keystone endpoint-create \
86 
+	    --region RegionOne \
87 
+		--service_id $KEYSTONE_SERVICE \
88 
+		--publicurl "http://$SERVICE_HOST:\$(public_port)s/v2.0" \
89 
+		--adminurl "http://$SERVICE_HOST:\$(admin_port)s/v2.0" \
90 
+		--internalurl "http://$SERVICE_HOST:\$(admin_port)s/v2.0"
91 
+fi
92 92
93 
-if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
94 
-    SWIFT_USER=$(get_id keystone user-create --name=swift \
95 
-                                             --pass="$SERVICE_PASSWORD" \
96 
-                                             --tenant_id $SERVICE_TENANT \
97 
-                                             --email=swift@example.com)
98 
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
99 
-                           --user_id $SWIFT_USER \
100 
-                           --role_id $ADMIN_ROLE
93 
+# Nova
94 
+if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then
95 
+    NOVA_USER=$(get_id keystone user-create \
96 
+        --name=nova \
97 
+        --pass="$SERVICE_PASSWORD" \
98 
+        --tenant_id $SERVICE_TENANT \
99 
+        --email=nova@example.com)
100 
+    keystone user-role-add \
101 
+        --tenant_id $SERVICE_TENANT \
102 
+        --user_id $NOVA_USER \
103 
+        --role_id $ADMIN_ROLE
104 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
105 
+        NOVA_SERVICE=$(get_id keystone service-create \
106 
+            --name=nova \
107 
+            --type=compute \
108 
+            --description="Nova Compute Service")
109 
+        keystone endpoint-create \
110 
+            --region RegionOne \
111 
+            --service_id $NOVA_SERVICE \
112 
+            --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s" \
113 
+            --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s" \
114 
+            --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s"
115 
+    fi
101 116 
     # Nova needs ResellerAdmin role to download images when accessing
102 117 
     # swift through the s3 api. The admin role in swift allows a user
103 118 
     # to act as an admin for their tenant, but ResellerAdmin is needed
104 119 
     # for a user to act as any tenant. The name of this role is also
105 120 
     # configurable in swift-proxy.conf
106 121 
     RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
107 
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
108 
-                           --user_id $NOVA_USER \
109 
-                           --role_id $RESELLER_ROLE
122 
+    keystone user-role-add \
123 
+        --tenant_id $SERVICE_TENANT \
124 
+        --user_id $NOVA_USER \
125 
+        --role_id $RESELLER_ROLE
110 126 
 fi
111 127
112 
-if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
113 
-    QUANTUM_USER=$(get_id keystone user-create --name=quantum \
114 
-                                               --pass="$SERVICE_PASSWORD" \
115 
-                                               --tenant_id $SERVICE_TENANT \
116 
-                                               --email=quantum@example.com)
117 
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
118 
-                           --user_id $QUANTUM_USER \
119 
-                           --role_id $ADMIN_ROLE
128 
+# Volume
129 
+if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then
130 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
131 
+        VOLUME_SERVICE=$(get_id keystone service-create \
132 
+            --name=volume \
133 
+            --type=volume \
134 
+            --description="Volume Service")
135 
+        keystone endpoint-create \
136 
+            --region RegionOne \
137 
+            --service_id $VOLUME_SERVICE \
138 
+            --publicurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
139 
+            --adminurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
140 
+            --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s"
141 
+    fi
142 
+fi
143 
+
144 
+# Glance
145 
+if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
146 
+    GLANCE_USER=$(get_id keystone user-create \
147 
+        --name=glance \
148 
+        --pass="$SERVICE_PASSWORD" \
149 
+        --tenant_id $SERVICE_TENANT \
150 
+        --email=glance@example.com)
151 
+    keystone user-role-add \
152 
+        --tenant_id $SERVICE_TENANT \
153 
+        --user_id $GLANCE_USER \
154 
+        --role_id $ADMIN_ROLE
155 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
156 
+        GLANCE_SERVICE=$(get_id keystone service-create \
157 
+            --name=glance \
158 
+            --type=image \
159 
+            --description="Glance Image Service")
160 
+        keystone endpoint-create \
161 
+            --region RegionOne \
162 
+            --service_id $GLANCE_SERVICE \
163 
+            --publicurl "http://$SERVICE_HOST:9292/v1" \
164 
+            --adminurl "http://$SERVICE_HOST:9292/v1" \
165 
+            --internalurl "http://$SERVICE_HOST:9292/v1"
166 
+    fi
167 
+fi
168 
+
169 
+# Swift
170 
+if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
171 
+    SWIFT_USER=$(get_id keystone user-create \
172 
+        --name=swift \
173 
+        --pass="$SERVICE_PASSWORD" \
174 
+        --tenant_id $SERVICE_TENANT \
175 
+        --email=swift@example.com)
176 
+    keystone user-role-add \
177 
+        --tenant_id $SERVICE_TENANT \
178 
+        --user_id $SWIFT_USER \
179 
+        --role_id $ADMIN_ROLE
180 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
181 
+        SWIFT_SERVICE=$(get_id keystone service-create \
182 
+            --name=swift \
183 
+            --type="object-store" \
184 
+            --description="Swift Service")
185 
+        keystone endpoint-create \
186 
+            --region RegionOne \
187 
+            --service_id $SWIFT_SERVICE \
188 
+            --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
189 
+            --adminurl "http://$SERVICE_HOST:8080/v1" \
190 
+            --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
191 
+    fi
192 
+fi
193 
+
194 
+if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
195 
+    QUANTUM_USER=$(get_id keystone user-create \
196 
+        --name=quantum \
197 
+        --pass="$SERVICE_PASSWORD" \
198 
+        --tenant_id $SERVICE_TENANT \
199 
+        --email=quantum@example.com)
200 
+    keystone user-role-add \
201 
+        --tenant_id $SERVICE_TENANT \
202 
+        --user_id $QUANTUM_USER \
203 
+        --role_id $ADMIN_ROLE
204 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
205 
+        QUANTUM_SERVICE=$(get_id keystone service-create \
206 
+            --name=quantum \
207 
+            --type=network \
208 
+            --description="Quantum Service")
209 
+        keystone endpoint-create \
210 
+            --region RegionOne \
211 
+            --service_id $QUANTUM_SERVICE \
212 
+            --publicurl "http://$SERVICE_HOST:9696/" \
213 
+            --adminurl "http://$SERVICE_HOST:9696/" \
214 
+            --internalurl "http://$SERVICE_HOST:9696/"
215 
+    fi
216 
+fi
217 
+
218 
+# EC2
219 
+if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
220 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
221 
+        EC2_SERVICE=$(get_id keystone service-create \
222 
+            --name=ec2 \
223 
+            --type=ec2 \
224 
+            --description="EC2 Compatibility Layer")
225 
+        keystone endpoint-create \
226 
+            --region RegionOne \
227 
+            --service_id $EC2_SERVICE \
228 
+            --publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
229 
+            --adminurl "http://$SERVICE_HOST:8773/services/Admin" \
230 
+            --internalurl "http://$SERVICE_HOST:8773/services/Cloud"
231 
+    fi
232 
+fi
233 
+
234 
+# S3
235 
+if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift" ]]; then
236 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
237 
+        S3_SERVICE=$(get_id keystone service-create \
238 
+            --name=s3 \
239 
+            --type=s3 \
240 
+            --description="S3")
241 
+        keystone endpoint-create \
242 
+            --region RegionOne \
243 
+            --service_id $S3_SERVICE \
244 
+            --publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
245 
+            --adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
246 
+            --internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
247 
+    fi
120 248 
 fi
121 249
122 250 
 if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
123 251 
     # Tempest has some tests that validate various authorization checks
124 252 
     # between two regular users in separate tenants
125 
-    ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo)
126 
-    ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \
127 
-                                        --pass="$ADMIN_PASSWORD" \
128 
-                                        --email=alt_demo@example.com)
129 
-    keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT
253 
+    ALT_DEMO_TENANT=$(get_id keystone tenant-create \
254 
+        --name=alt_demo)
255 
+    ALT_DEMO_USER=$(get_id keystone user-create \
256 
+        --name=alt_demo \
257 
+        --pass="$ADMIN_PASSWORD" \
258 
+        --email=alt_demo@example.com)
259 
+    keystone user-role-add \
260 
+        --tenant_id $ALT_DEMO_TENANT \
261 
+        --user_id $ALT_DEMO_USER \
262 
+        --role_id $MEMBER_ROLE
130 263 
 fi
stack.sh
History View file @ 3f7c06f
... ... 
@@ -1866,7 +1866,7 @@ if is_service_enabled key; then
1866 1866
1867 1867 
     KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
1868 1868 
     KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
1869 
-    KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
1869 
+    KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-template}
1870 1870
1871 1871 
     if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
1872 1872 
         sudo mkdir -p $KEYSTONE_CONF_DIR
... ... 
@@ -1877,41 +1877,49 @@ if is_service_enabled key; then
1877 1877 
         cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
1878 1878 
         cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
1879 1879 
     fi
1880 
-    cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
1881 1880
1882 1881 
     # Rewrite stock keystone.conf:
1883 1882 
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
1884 1883 
     iniset $KEYSTONE_CONF sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
1885 1884 
     iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
1886 
-    # Configure keystone.conf to use templates
1887 
-    iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
1888 
-    iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
1889 1885 
     sed -e "
1890 1886 
         /^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
1891 1887 
     " -i $KEYSTONE_CONF
1892 1888 
     # Append the S3 bits
1893 1889 
     iniset $KEYSTONE_CONF filter:s3_extension paste.filter_factory "keystone.contrib.s3:S3Extension.factory"
1894 1890
1895 
-    # Add swift endpoints to service catalog if swift is enabled
1896 
-    if is_service_enabled swift; then
1897 
-        echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1898 
-        echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> $KEYSTONE_CATALOG
1899 
-        echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1900 
-        echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
1901 
-    fi
1891 
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
1892 
+        # Configure keystone.conf to use sql
1893 
+        iniset $KEYSTONE_CONF catalog driver keystone.catalog.backends.sql.Catalog
1894 
+        inicomment $KEYSTONE_CONF catalog template_file
1895 
+    else
1896 
+        KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
1897 
+        cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
1898 
+        # Add swift endpoints to service catalog if swift is enabled
1899 
+        if is_service_enabled swift; then
1900 
+            echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1901 
+            echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> $KEYSTONE_CATALOG
1902 
+            echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1903 
+            echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
1904 
+        fi
1902 1905
1903 
-    # Add quantum endpoints to service catalog if quantum is enabled
1904 
-    if is_service_enabled quantum; then
1905 
-        echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1906 
-        echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1907 
-        echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1908 
-        echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
1909 
-    fi
1906 
+        # Add quantum endpoints to service catalog if quantum is enabled
1907 
+        if is_service_enabled quantum; then
1908 
+            echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1909 
+            echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1910 
+            echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1911 
+            echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
1912 
+        fi
1913 
+
1914 
+        sudo sed -e "
1915 
+            s,%SERVICE_HOST%,$SERVICE_HOST,g;
1916 
+            s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
1917 
+        " -i $KEYSTONE_CATALOG
1910 1918
1911 
-    sudo sed -e "
1912 
-        s,%SERVICE_HOST%,$SERVICE_HOST,g;
1913 
-        s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
1914 
-    " -i $KEYSTONE_CATALOG
1919 
+        # Configure keystone.conf to use templates
1920 
+        iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
1921 
+        iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
1922 
+    fi
1915 1923
1916 1924 
     # Set up logging
1917 1925 
     LOGGING_ROOT="devel"
... ... 
@@ -1923,25 +1931,31 @@ if is_service_enabled key; then
1923 1923 
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
1924 1924 
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
1925 1925
1926 
-    # initialize keystone database
1926 
+    # Set up the keystone database
1927 1927 
     $KEYSTONE_DIR/bin/keystone-manage db_sync
1928 1928
1929 1929 
     # launch keystone and wait for it to answer before continuing
1930 1930 
     screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
1931 1931 
     echo "Waiting for keystone to start..."
1932 
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q '200 OK'; do sleep 1; done"; then
1932 
+    if ! timeout $SERVICE_TIMEOUT sh -c "while http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q 'refused'; do sleep 1; done"; then
1933 1933 
       echo "keystone did not start"
1934 1934 
       exit 1
1935 1935 
     fi
1936 1936
1937 1937 
     # keystone_data.sh creates services, admin and demo users, and roles.
1938 1938 
     SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
1939 
-    ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
1939 
+
1940 
+    ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
1941 
+    SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \
1942 
+    S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \
1943 
+    DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
1940 1944 
         bash $FILES/keystone_data.sh
1941 1945
1942 1946 
     # create an access key and secret key for nova ec2 register image
1943 1947 
     if is_service_enabled swift && is_service_enabled nova; then
1944 
-        CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
1948 
+        NOVA_USER_ID=$(keystone user-list | grep ' nova ' | get_field 1)
1949 
+        NOVA_TENANT_ID=$(keystone tenant-list | grep " $SERVICE_TENANT_NAME " | get_field 1)
1950 
+        CREDS=$(keystone ec2-credentials-create --user $NOVA_USER_ID --tenant_id $NOVA_TENANT_ID)
1945 1951 
         ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
1946 1952 
         SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
1947 1953 
         add_nova_opt "s3_access_key=$ACCESS_KEY"