Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.
Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
... | ... |
@@ -120,6 +120,17 @@ function write_clouds_yaml { |
120 | 120 |
--os-password $ADMIN_PASSWORD \ |
121 | 121 |
--os-project-name admin |
122 | 122 |
|
123 |
+ # admin with a system-scoped token -> devstack-system |
|
124 |
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \ |
|
125 |
+ --file $CLOUDS_YAML \ |
|
126 |
+ --os-cloud devstack-system-admin \ |
|
127 |
+ --os-region-name $REGION_NAME \ |
|
128 |
+ $CA_CERT_ARG \ |
|
129 |
+ --os-auth-url $KEYSTONE_SERVICE_URI \ |
|
130 |
+ --os-username admin \ |
|
131 |
+ --os-password $ADMIN_PASSWORD \ |
|
132 |
+ --os-system-scope all |
|
133 |
+ |
|
123 | 134 |
# CLean up any old clouds.yaml files we had laying around |
124 | 135 |
rm -f $(eval echo ~"$STACK_USER")/.config/openstack/clouds.yaml |
125 | 136 |
} |
... | ... |
@@ -41,12 +41,19 @@ class UpdateCloudsYaml(object): |
41 | 41 |
'auth_url': args.os_auth_url, |
42 | 42 |
'username': args.os_username, |
43 | 43 |
'password': args.os_password, |
44 |
- 'project_name': args.os_project_name, |
|
45 | 44 |
}, |
46 | 45 |
} |
47 |
- if args.os_identity_api_version == '3': |
|
46 |
+ if args.os_project_name and args.os_system_scope: |
|
47 |
+ print( |
|
48 |
+ "WARNING: os_project_name and os_system_scope were both" |
|
49 |
+ " given. os_system_scope will take priority.") |
|
50 |
+ if args.os_project_name and not args.os_system_scope: |
|
51 |
+ self._cloud_data['auth']['project_name'] = args.os_project_name |
|
52 |
+ if args.os_identity_api_version == '3' and not args.os_system_scope: |
|
48 | 53 |
self._cloud_data['auth']['user_domain_id'] = 'default' |
49 | 54 |
self._cloud_data['auth']['project_domain_id'] = 'default' |
55 |
+ if args.os_system_scope: |
|
56 |
+ self._cloud_data['auth']['system_scope'] = args.os_system_scope |
|
50 | 57 |
if args.os_cacert: |
51 | 58 |
self._cloud_data['cacert'] = args.os_cacert |
52 | 59 |
|
... | ... |
@@ -88,7 +95,8 @@ def main(): |
88 | 88 |
parser.add_argument('--os-auth-url', required=True) |
89 | 89 |
parser.add_argument('--os-username', required=True) |
90 | 90 |
parser.add_argument('--os-password', required=True) |
91 |
- parser.add_argument('--os-project-name', required=True) |
|
91 |
+ parser.add_argument('--os-project-name') |
|
92 |
+ parser.add_argument('--os-system-scope') |
|
92 | 93 |
|
93 | 94 |
args = parser.parse_args() |
94 | 95 |
|