
Merge "Support sql service catalog backend"

Jenkins authored on 2012/06/28 04:34:33
Showing 2 changed files
... ...
@@ -20,8 +20,13 @@
20 20
 # SERVICE_TOKEN - aka admin_token in keystone.conf
21 21
 # SERVICE_ENDPOINT - local Keystone admin endpoint
22 22
 # SERVICE_TENANT_NAME - name of tenant containing service accounts
23
+# SERVICE_HOST - host used for endpoint creation
23 24
 # ENABLED_SERVICES - stack.sh's list of services to start
24 25
 # DEVSTACK_DIR - Top-level DevStack directory
26
+# KEYSTONE_CATALOG_BACKEND - used to determine service catalog creation
27
+
28
+# Defaults
29
+# --------
25 30
 
26 31
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
27 32
 SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
... ...
@@ -30,10 +35,13 @@ export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
30 30
 SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
31 31
 
32 32
 function get_id () {
33
-    echo `$@ | awk '/ id / { print $4 }'`
33
+    echo `"$@" | awk '/ id / { print $4 }'`
34 34
 }
35 35
 
36
+
36 37
 # Tenants
38
+# -------
39
+
37 40
 ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
38 41
 SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
39 42
 DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
... ...
@@ -41,6 +49,8 @@ INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
41 41
 
42 42
 
43 43
 # Users
44
+# -----
45
+
44 46
 ADMIN_USER=$(get_id keystone user-create --name=admin \
45 47
                                          --pass="$ADMIN_PASSWORD" \
46 48
                                          --email=admin@example.com)
... ...
@@ -50,6 +60,8 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
50 50
 
51 51
 
52 52
 # Roles
53
+# -----
54
+
53 55
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
54 56
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
55 57
 KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
... ...
@@ -74,60 +86,193 @@ keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $
74 74
 keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
75 75
 
76 76
 
77
-# Configure service users/roles
78
-NOVA_USER=$(get_id keystone user-create --name=nova \
79
-                                        --pass="$SERVICE_PASSWORD" \
80
-                                        --tenant_id $SERVICE_TENANT \
81
-                                        --email=nova@example.com)
82
-keystone user-role-add --tenant_id $SERVICE_TENANT \
83
-                       --user_id $NOVA_USER \
84
-                       --role_id $ADMIN_ROLE
77
+# Services
78
+# --------
85 79
 
86
-GLANCE_USER=$(get_id keystone user-create --name=glance \
87
-                                          --pass="$SERVICE_PASSWORD" \
88
-                                          --tenant_id $SERVICE_TENANT \
89
-                                          --email=glance@example.com)
90
-keystone user-role-add --tenant_id $SERVICE_TENANT \
91
-                       --user_id $GLANCE_USER \
92
-                       --role_id $ADMIN_ROLE
80
+# Keystone
81
+if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
82
+	KEYSTONE_SERVICE=$(get_id keystone service-create \
83
+		--name=keystone \
84
+		--type=identity \
85
+		--description="Keystone Identity Service")
86
+	keystone endpoint-create \
87
+	    --region RegionOne \
88
+		--service_id $KEYSTONE_SERVICE \
89
+		--publicurl "http://$SERVICE_HOST:\$(public_port)s/v2.0" \
90
+		--adminurl "http://$SERVICE_HOST:\$(admin_port)s/v2.0" \
91
+		--internalurl "http://$SERVICE_HOST:\$(admin_port)s/v2.0"
92
+fi
93 93
 
94
-if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
95
-    SWIFT_USER=$(get_id keystone user-create --name=swift \
96
-                                             --pass="$SERVICE_PASSWORD" \
97
-                                             --tenant_id $SERVICE_TENANT \
98
-                                             --email=swift@example.com)
99
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
100
-                           --user_id $SWIFT_USER \
101
-                           --role_id $ADMIN_ROLE
94
+# Nova
95
+if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then
96
+    NOVA_USER=$(get_id keystone user-create \
97
+        --name=nova \
98
+        --pass="$SERVICE_PASSWORD" \
99
+        --tenant_id $SERVICE_TENANT \
100
+        --email=nova@example.com)
101
+    keystone user-role-add \
102
+        --tenant_id $SERVICE_TENANT \
103
+        --user_id $NOVA_USER \
104
+        --role_id $ADMIN_ROLE
105
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
106
+        NOVA_SERVICE=$(get_id keystone service-create \
107
+            --name=nova \
108
+            --type=compute \
109
+            --description="Nova Compute Service")
110
+        keystone endpoint-create \
111
+            --region RegionOne \
112
+            --service_id $NOVA_SERVICE \
113
+            --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s" \
114
+            --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s" \
115
+            --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v1.1/\$(tenant_id)s"
116
+    fi
102 117
     # Nova needs ResellerAdmin role to download images when accessing
103 118
     # swift through the s3 api. The admin role in swift allows a user
104 119
     # to act as an admin for their tenant, but ResellerAdmin is needed
105 120
     # for a user to act as any tenant. The name of this role is also
106 121
     # configurable in swift-proxy.conf
107 122
     RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
108
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
109
-                           --user_id $NOVA_USER \
110
-                           --role_id $RESELLER_ROLE
123
+    keystone user-role-add \
124
+        --tenant_id $SERVICE_TENANT \
125
+        --user_id $NOVA_USER \
126
+        --role_id $RESELLER_ROLE
111 127
 fi
112 128
 
113
-if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
114
-    QUANTUM_USER=$(get_id keystone user-create --name=quantum \
115
-                                               --pass="$SERVICE_PASSWORD" \
116
-                                               --tenant_id $SERVICE_TENANT \
117
-                                               --email=quantum@example.com)
118
-    keystone user-role-add --tenant_id $SERVICE_TENANT \
119
-                           --user_id $QUANTUM_USER \
120
-                           --role_id $ADMIN_ROLE
129
+# Volume
130
+if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then
131
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
132
+        VOLUME_SERVICE=$(get_id keystone service-create \
133
+            --name=volume \
134
+            --type=volume \
135
+            --description="Volume Service")
136
+        keystone endpoint-create \
137
+            --region RegionOne \
138
+            --service_id $VOLUME_SERVICE \
139
+            --publicurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
140
+            --adminurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
141
+            --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s"
142
+    fi
143
+fi
144
+
145
+# Glance
146
+if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
147
+    GLANCE_USER=$(get_id keystone user-create \
148
+        --name=glance \
149
+        --pass="$SERVICE_PASSWORD" \
150
+        --tenant_id $SERVICE_TENANT \
151
+        --email=glance@example.com)
152
+    keystone user-role-add \
153
+        --tenant_id $SERVICE_TENANT \
154
+        --user_id $GLANCE_USER \
155
+        --role_id $ADMIN_ROLE
156
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
157
+        GLANCE_SERVICE=$(get_id keystone service-create \
158
+            --name=glance \
159
+            --type=image \
160
+            --description="Glance Image Service")
161
+        keystone endpoint-create \
162
+            --region RegionOne \
163
+            --service_id $GLANCE_SERVICE \
164
+            --publicurl "http://$SERVICE_HOST:9292/v1" \
165
+            --adminurl "http://$SERVICE_HOST:9292/v1" \
166
+            --internalurl "http://$SERVICE_HOST:9292/v1"
167
+    fi
168
+fi
169
+
170
+# Swift
171
+if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
172
+    SWIFT_USER=$(get_id keystone user-create \
173
+        --name=swift \
174
+        --pass="$SERVICE_PASSWORD" \
175
+        --tenant_id $SERVICE_TENANT \
176
+        --email=swift@example.com)
177
+    keystone user-role-add \
178
+        --tenant_id $SERVICE_TENANT \
179
+        --user_id $SWIFT_USER \
180
+        --role_id $ADMIN_ROLE
181
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
182
+        SWIFT_SERVICE=$(get_id keystone service-create \
183
+            --name=swift \
184
+            --type="object-store" \
185
+            --description="Swift Service")
186
+        keystone endpoint-create \
187
+            --region RegionOne \
188
+            --service_id $SWIFT_SERVICE \
189
+            --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
190
+            --adminurl "http://$SERVICE_HOST:8080/v1" \
191
+            --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
192
+    fi
193
+fi
194
+
195
+if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
196
+    QUANTUM_USER=$(get_id keystone user-create \
197
+        --name=quantum \
198
+        --pass="$SERVICE_PASSWORD" \
199
+        --tenant_id $SERVICE_TENANT \
200
+        --email=quantum@example.com)
201
+    keystone user-role-add \
202
+        --tenant_id $SERVICE_TENANT \
203
+        --user_id $QUANTUM_USER \
204
+        --role_id $ADMIN_ROLE
205
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
206
+        QUANTUM_SERVICE=$(get_id keystone service-create \
207
+            --name=quantum \
208
+            --type=network \
209
+            --description="Quantum Service")
210
+        keystone endpoint-create \
211
+            --region RegionOne \
212
+            --service_id $QUANTUM_SERVICE \
213
+            --publicurl "http://$SERVICE_HOST:9696/" \
214
+            --adminurl "http://$SERVICE_HOST:9696/" \
215
+            --internalurl "http://$SERVICE_HOST:9696/"
216
+    fi
217
+fi
218
+
219
+# EC2
220
+if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
221
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
222
+        EC2_SERVICE=$(get_id keystone service-create \
223
+            --name=ec2 \
224
+            --type=ec2 \
225
+            --description="EC2 Compatibility Layer")
226
+        keystone endpoint-create \
227
+            --region RegionOne \
228
+            --service_id $EC2_SERVICE \
229
+            --publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
230
+            --adminurl "http://$SERVICE_HOST:8773/services/Admin" \
231
+            --internalurl "http://$SERVICE_HOST:8773/services/Cloud"
232
+    fi
233
+fi
234
+
235
+# S3
236
+if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift" ]]; then
237
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
238
+        S3_SERVICE=$(get_id keystone service-create \
239
+            --name=s3 \
240
+            --type=s3 \
241
+            --description="S3")
242
+        keystone endpoint-create \
243
+            --region RegionOne \
244
+            --service_id $S3_SERVICE \
245
+            --publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
246
+            --adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
247
+            --internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
248
+    fi
121 249
 fi
122 250
 
123 251
 if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
124 252
     # Tempest has some tests that validate various authorization checks
125 253
     # between two regular users in separate tenants
126
-    ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo)
127
-    ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \
128
-                                        --pass="$ADMIN_PASSWORD" \
129
-                                        --email=alt_demo@example.com)
130
-    keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT
254
+    ALT_DEMO_TENANT=$(get_id keystone tenant-create \
255
+        --name=alt_demo)
256
+    ALT_DEMO_USER=$(get_id keystone user-create \
257
+        --name=alt_demo \
258
+        --pass="$ADMIN_PASSWORD" \
259
+        --email=alt_demo@example.com)
260
+    keystone user-role-add \
261
+        --tenant_id $ALT_DEMO_TENANT \
262
+        --user_id $ALT_DEMO_USER \
263
+        --role_id $MEMBER_ROLE
131 264
 fi
132 265
 
133 266
 if [[ "$ENABLED_SERVICES" =~ "cinder" ]]; then
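Review bot: The Keystone endpoint at new lines 89-91 registers `--internalurl` with `\$(admin_port)s`, while every other service in this section gives internalurl the same value as publicurl, so clients that pick the internal interface from the catalog would be directed to the admin API port. If that is not intended, the line should read `--internalurl "http://$SERVICE_HOST:\$(public_port)s/v2.0"`. Separately, `get_id` prints an empty string when the keystone call fails or returns no id row, and nothing in the hunk checks `$KEYSTONE_SERVICE` (or the matching variables in the Nova, Volume, Glance, Swift, Quantum, EC2 and S3 blocks) before passing it unquoted to `--service_id`. A guard such as `[[ -n "$KEYSTONE_SERVICE" ]] || exit 1` after each `service-create`, with the id quoted, would stop the run at the first failed step.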
... ...
@@ -1931,7 +1931,7 @@ if is_service_enabled key; then
1931 1931
 
1932 1932
     KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
1933 1933
     KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
1934
-    KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
1934
+    KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-template}
1935 1935
 
1936 1936
     if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
1937 1937
         sudo mkdir -p $KEYSTONE_CONF_DIR
... ...
@@ -1942,41 +1942,49 @@ if is_service_enabled key; then
1942 1942
         cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
1943 1943
         cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
1944 1944
     fi
1945
-    cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
1946 1945
 
1947 1946
     # Rewrite stock keystone.conf:
1948 1947
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
1949 1948
     iniset $KEYSTONE_CONF sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
1950 1949
     iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
1951
-    # Configure keystone.conf to use templates
1952
-    iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
1953
-    iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
1954 1950
     sed -e "
1955 1951
         /^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
1956 1952
     " -i $KEYSTONE_CONF
1957 1953
     # Append the S3 bits
1958 1954
     iniset $KEYSTONE_CONF filter:s3_extension paste.filter_factory "keystone.contrib.s3:S3Extension.factory"
1959 1955
 
1960
-    # Add swift endpoints to service catalog if swift is enabled
1961
-    if is_service_enabled swift; then
1962
-        echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1963
-        echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> $KEYSTONE_CATALOG
1964
-        echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1965
-        echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
1966
-    fi
1956
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
1957
+        # Configure keystone.conf to use sql
1958
+        iniset $KEYSTONE_CONF catalog driver keystone.catalog.backends.sql.Catalog
1959
+        inicomment $KEYSTONE_CONF catalog template_file
1960
+    else
1961
+        KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
1962
+        cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
1963
+        # Add swift endpoints to service catalog if swift is enabled
1964
+        if is_service_enabled swift; then
1965
+            echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1966
+            echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> $KEYSTONE_CATALOG
1967
+            echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
1968
+            echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
1969
+        fi
1967 1970
 
1968
-    # Add quantum endpoints to service catalog if quantum is enabled
1969
-    if is_service_enabled quantum; then
1970
-        echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1971
-        echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1972
-        echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1973
-        echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
1974
-    fi
1971
+        # Add quantum endpoints to service catalog if quantum is enabled
1972
+        if is_service_enabled quantum; then
1973
+            echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1974
+            echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1975
+            echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696/" >> $KEYSTONE_CATALOG
1976
+            echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
1977
+        fi
1978
+
1979
+        sudo sed -e "
1980
+            s,%SERVICE_HOST%,$SERVICE_HOST,g;
1981
+            s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
1982
+        " -i $KEYSTONE_CATALOG
1975 1983
 
1976
-    sudo sed -e "
1977
-        s,%SERVICE_HOST%,$SERVICE_HOST,g;
1978
-        s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
1979
-    " -i $KEYSTONE_CATALOG
1984
+        # Configure keystone.conf to use templates
1985
+        iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
1986
+        iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
1987
+    fi
1980 1988
 
1981 1989
     # Set up logging
1982 1990
     LOGGING_ROOT="devel"
... ...
@@ -1988,25 +1996,31 @@ if is_service_enabled key; then
1988 1988
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
1989 1989
     iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
1990 1990
 
1991
-    # initialize keystone database
1991
+    # Set up the keystone database
1992 1992
     $KEYSTONE_DIR/bin/keystone-manage db_sync
1993 1993
 
1994 1994
     # launch keystone and wait for it to answer before continuing
1995 1995
     screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
1996 1996
     echo "Waiting for keystone to start..."
1997
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q '200 OK'; do sleep 1; done"; then
1997
+    if ! timeout $SERVICE_TIMEOUT sh -c "while http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q 'refused'; do sleep 1; done"; then
1998 1998
       echo "keystone did not start"
1999 1999
       exit 1
2000 2000
     fi
2001 2001
 
2002 2002
     # keystone_data.sh creates services, admin and demo users, and roles.
2003 2003
     SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
2004
-    ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
2004
+
2005
+    ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
2006
+    SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \
2007
+    S3_SERVICE_PORT=$S3_SERVICE_PORT KEYSTONE_CATALOG_BACKEND=$KEYSTONE_CATALOG_BACKEND \
2008
+    DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
2005 2009
         bash $FILES/keystone_data.sh
2006 2010
 
2007 2011
     # create an access key and secret key for nova ec2 register image
2008 2012
     if is_service_enabled swift && is_service_enabled nova; then
2009
-        CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
2013
+        NOVA_USER_ID=$(keystone user-list | grep ' nova ' | get_field 1)
2014
+        NOVA_TENANT_ID=$(keystone tenant-list | grep " $SERVICE_TENANT_NAME " | get_field 1)
2015
+        CREDS=$(keystone ec2-credentials-create --user $NOVA_USER_ID --tenant_id $NOVA_TENANT_ID)
2010 2016
         ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
2011 2017
         SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
2012 2018
         add_nova_opt "s3_access_key=$ACCESS_KEY"
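Review bot: The readiness loop at new line 1997 now ends as soon as wget's output no longer contains 'refused', so any other failure (name resolution, a timeout, an HTTP error from whatever is listening on that port) is treated as keystone being up, and keystone_data.sh is then run with SERVICE_TOKEN and the account passwords against SERVICE_ENDPOINT. Looping on wget's exit status keeps the retry on a refused connection while still requiring a successful response: `while ! http_proxy= wget -q -O /dev/null $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/; do sleep 1; done`. The new `NOVA_USER_ID` and `NOVA_TENANT_ID` lookups at lines 2013-2015 are also used unquoted and unchecked, so an empty grep result reaches `ec2-credentials-create`; a guard such as `[[ -n "$NOVA_USER_ID" && -n "$NOVA_TENANT_ID" ]] || exit 1` would stop there. The enclosing `if is_service_enabled key` block starts and ends outside these hunks.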