Browse code
Revert "Move default Keystone API version to v3"
It seems like the fallout from this was not well sorted.
A lot of things aren't working, and there is still vestigial
v2 bits left behind.
This should have come with a much greater warning and some
spot checking of additional services working with this.
This reverts commit b162a1d58cdecfb32847b59bd341e06c26efb1ed.
Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
Sean Dague authored on 2016/02/01 23:58:20Showing 7 changed files
- lib/glance
- lib/heat
- lib/nova_plugins/hypervisor-ironic
- lib/tempest
- openrc
- stackrc
- tools/create_userrc.sh
| ... | ... |
@@ -205,7 +205,7 @@ function configure_glance {
|
| 205 | 205 |
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG |
| 206 | 206 |
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
| 207 | 207 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url |
| 208 |
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3 |
|
| 208 |
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0 |
|
| 209 | 209 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name |
| 210 | 210 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME |
| 211 | 211 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user |
| ... | ... |
@@ -167,7 +167,7 @@ function configure_heat {
|
| 167 | 167 |
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI |
| 168 | 168 |
|
| 169 | 169 |
# ec2authtoken |
| 170 |
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3 |
|
| 170 |
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
| 171 | 171 |
|
| 172 | 172 |
# OpenStack API |
| 173 | 173 |
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT |
| ... | ... |
@@ -47,7 +47,7 @@ function configure_nova_hypervisor {
|
| 47 | 47 |
# ironic section |
| 48 | 48 |
iniset $NOVA_CONF ironic admin_username admin |
| 49 | 49 |
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD |
| 50 |
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3 |
|
| 50 |
+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0 |
|
| 51 | 51 |
iniset $NOVA_CONF ironic admin_tenant_name demo |
| 52 | 52 |
iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1 |
| 53 | 53 |
} |
| ... | ... |
@@ -259,7 +259,6 @@ function configure_tempest {
|
| 259 | 259 |
# Identity |
| 260 | 260 |
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/" |
| 261 | 261 |
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3" |
| 262 |
- iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
|
|
| 263 | 262 |
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then |
| 264 | 263 |
iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME |
| 265 | 264 |
iniset $TEMPEST_CONFIG auth admin_password "$password" |
| ... | ... |
@@ -270,6 +269,10 @@ function configure_tempest {
|
| 270 | 270 |
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then |
| 271 | 271 |
# Only Identity v3 is available; then skip Identity API v2 tests |
| 272 | 272 |
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False |
| 273 |
+ # In addition, use v3 auth tokens for running all Tempest tests |
|
| 274 |
+ iniset $TEMPEST_CONFIG identity auth_version v3 |
|
| 275 |
+ else |
|
| 276 |
+ iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
|
|
| 273 | 277 |
fi |
| 274 | 278 |
|
| 275 | 279 |
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then |
| ... | ... |
@@ -77,22 +77,15 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
|
| 77 | 77 |
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
| 78 | 78 |
|
| 79 | 79 |
# Identity API version |
| 80 |
-export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
|
|
| 80 |
+export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
|
| 81 | 81 |
|
| 82 | 82 |
# Authenticating against an OpenStack cloud using Keystone returns a **Token** |
| 83 | 83 |
# and **Service Catalog**. The catalog contains the endpoints for all services |
| 84 | 84 |
# the user/tenant has access to - including nova, glance, keystone, swift, ... |
| 85 |
-# We currently recommend using the version 3 *identity api*. |
|
| 85 |
+# We currently recommend using the 2.0 *identity api*. |
|
| 86 | 86 |
# |
| 87 | 87 |
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
| 88 | 88 |
|
| 89 |
-# Currently, in order to use openstackclient with Identity API v3, |
|
| 90 |
-# we need to set the domain which the user and project belong to. |
|
| 91 |
-if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then |
|
| 92 |
- export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
|
|
| 93 |
- export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
|
|
| 94 |
-fi |
|
| 95 |
- |
|
| 96 | 89 |
# Set OS_CACERT to a default CA certificate chain if it exists. |
| 97 | 90 |
if [[ ! -v OS_CACERT ]] ; then |
| 98 | 91 |
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem |
| ... | ... |
@@ -130,7 +130,7 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then |
| 130 | 130 |
fi |
| 131 | 131 |
|
| 132 | 132 |
# Configure Identity API version: 2.0, 3 |
| 133 |
-IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
|
|
| 133 |
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
|
| 134 | 134 |
|
| 135 | 135 |
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack |
| 136 | 136 |
# deployment will be deploying the Identity v2 pipelines. If this option is set |
| ... | ... |
@@ -133,7 +133,7 @@ if [ -z "$OS_USERNAME" ]; then |
| 133 | 133 |
fi |
| 134 | 134 |
|
| 135 | 135 |
if [ -z "$OS_AUTH_URL" ]; then |
| 136 |
- export OS_AUTH_URL=http://localhost:5000/v3/ |
|
| 136 |
+ export OS_AUTH_URL=http://localhost:5000/v2.0/ |
|
| 137 | 137 |
fi |
| 138 | 138 |
|
| 139 | 139 |
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then |
| ... | ... |
@@ -236,7 +236,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key" |
| 236 | 236 |
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id) |
| 237 | 237 |
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem" |
| 238 | 238 |
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem" |
| 239 |
-export OS_AUTH_TYPE=v3password |
|
| 239 |
+export OS_AUTH_TYPE=v2password |
|
| 240 | 240 |
EOF |
| 241 | 241 |
if [ -n "$ADDPASS" ]; then |
| 242 | 242 |
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile" |