Browse code
Merge "Prepare for dropping keystone admin endpoint"
Zuul authored on 2020/06/27 21:25:28Showing 8 changed files
- functions-common
- lib/glance
- lib/keystone
- lib/neutron-legacy
- lib/nova_plugins/hypervisor-ironic
- lib/swift
- openrc
- stack.sh
| ... | ... |
@@ -47,7 +47,7 @@ KILL_PATH="$(which kill)" |
| 47 | 47 |
|
| 48 | 48 |
# Save these variables to .stackenv |
| 49 | 49 |
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \ |
| 50 |
- KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \ |
|
| 50 |
+ KEYSTONE_SERVICE_URI \ |
|
| 51 | 51 |
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \ |
| 52 | 52 |
HOST_IPV6 SERVICE_IP_VERSION" |
| 53 | 53 |
|
| ... | ... |
@@ -208,8 +208,7 @@ function configure_glance {
|
| 208 | 208 |
|
| 209 | 209 |
if is_service_enabled tls-proxy; then |
| 210 | 210 |
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT |
| 211 |
- |
|
| 212 |
- iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 211 |
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI |
|
| 213 | 212 |
fi |
| 214 | 213 |
|
| 215 | 214 |
# Format logging |
| ... | ... |
@@ -221,7 +220,7 @@ function configure_glance {
|
| 221 | 221 |
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL |
| 222 | 222 |
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG |
| 223 | 223 |
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
| 224 |
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI |
|
| 224 |
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI |
|
| 225 | 225 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME |
| 226 | 226 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance |
| 227 | 227 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD |
| ... | ... |
@@ -115,7 +115,7 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/ide
|
| 115 | 115 |
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI |
| 116 | 116 |
|
| 117 | 117 |
# V3 URIs |
| 118 |
-KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 |
|
| 118 |
+KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
|
| 119 | 119 |
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3 |
| 120 | 120 |
|
| 121 | 121 |
# Security compliance |
| ... | ... |
@@ -413,6 +413,7 @@ function configure_keystone_authtoken_middleware {
|
| 413 | 413 |
local section=${3:-keystone_authtoken}
|
| 414 | 414 |
|
| 415 | 415 |
iniset $conf_file $section auth_type password |
| 416 |
+ iniset $conf_file $section interface public |
|
| 416 | 417 |
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI |
| 417 | 418 |
iniset $conf_file $section username $admin_user |
| 418 | 419 |
iniset $conf_file $section password $SERVICE_PASSWORD |
| ... | ... |
@@ -561,7 +562,6 @@ function stop_keystone {
|
| 561 | 561 |
# - ``KEYSTONE_BIN_DIR`` |
| 562 | 562 |
# - ``ADMIN_PASSWORD`` |
| 563 | 563 |
# - ``IDENTITY_API_VERSION`` |
| 564 |
-# - ``KEYSTONE_AUTH_URI`` |
|
| 565 | 564 |
# - ``REGION_NAME`` |
| 566 | 565 |
# - ``KEYSTONE_SERVICE_PROTOCOL`` |
| 567 | 566 |
# - ``KEYSTONE_SERVICE_HOST`` |
| ... | ... |
@@ -372,7 +372,7 @@ function configure_mutnauq {
|
| 372 | 372 |
function create_nova_conf_neutron {
|
| 373 | 373 |
local conf=${1:-$NOVA_CONF}
|
| 374 | 374 |
iniset $conf neutron auth_type "password" |
| 375 |
- iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI" |
|
| 375 |
+ iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" |
|
| 376 | 376 |
iniset $conf neutron username "$Q_ADMIN_USERNAME" |
| 377 | 377 |
iniset $conf neutron password "$SERVICE_PASSWORD" |
| 378 | 378 |
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" |
| ... | ... |
@@ -46,7 +46,7 @@ function configure_nova_hypervisor {
|
| 46 | 46 |
iniset $NOVA_CONF ironic auth_type password |
| 47 | 47 |
iniset $NOVA_CONF ironic username admin |
| 48 | 48 |
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD |
| 49 |
- iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI |
|
| 49 |
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI |
|
| 50 | 50 |
iniset $NOVA_CONF ironic project_domain_id default |
| 51 | 51 |
iniset $NOVA_CONF ironic user_domain_id default |
| 52 | 52 |
iniset $NOVA_CONF ironic project_name demo |
| ... | ... |
@@ -527,7 +527,7 @@ function configure_swift {
|
| 527 | 527 |
else |
| 528 | 528 |
iniset ${testfile} func_test auth_port 80
|
| 529 | 529 |
fi |
| 530 |
- iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI}
|
|
| 530 |
+ iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI}
|
|
| 531 | 531 |
if [[ "$auth_vers" == "3" ]]; then |
| 532 | 532 |
iniset ${testfile} func_test auth_prefix /identity/v3/
|
| 533 | 533 |
else |
| ... | ... |
@@ -87,9 +87,9 @@ export OS_AUTH_TYPE=password |
| 87 | 87 |
|
| 88 | 88 |
# If you don't have a working .stackenv, this is the backup position |
| 89 | 89 |
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000 |
| 90 |
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
|
|
| 90 |
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
|
|
| 91 | 91 |
|
| 92 |
-export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI}
|
|
| 92 |
+export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
|
|
| 93 | 93 |
|
| 94 | 94 |
# Currently, in order to use openstackclient with Identity API v3, |
| 95 | 95 |
# we need to set the domain which the user and project belong to. |
| ... | ... |
@@ -1053,7 +1053,7 @@ cat > $TOP_DIR/userrc_early <<EOF |
| 1053 | 1053 |
|
| 1054 | 1054 |
# Set up password auth credentials now that Keystone is bootstrapped |
| 1055 | 1055 |
export OS_IDENTITY_API_VERSION=3 |
| 1056 |
-export OS_AUTH_URL=$KEYSTONE_AUTH_URI |
|
| 1056 |
+export OS_AUTH_URL=$KEYSTONE_SERVICE_URI |
|
| 1057 | 1057 |
export OS_USERNAME=admin |
| 1058 | 1058 |
export OS_USER_DOMAIN_ID=default |
| 1059 | 1059 |
export OS_PASSWORD=$ADMIN_PASSWORD |