Browse code
Remove some keystone resource parsers
Current "keystone" command can parse the specified resources(tenant,
user, role, service) by itself. Then it is unnecessary to translate
resource names to resource ids in devstack.
This patch removes these resource parsers from devstack for cleanup.
Change-Id: Ibae06581b471f02168b559b4ca0c10f14996d661
Ken'ichi Ohmichi authored on 2013/12/27 19:08:26Showing 1 changed files
| ... | ... |
@@ -28,16 +28,6 @@ export SERVICE_TOKEN=$SERVICE_TOKEN |
| 28 | 28 |
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT |
| 29 | 29 |
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
| 30 | 30 |
|
| 31 |
-function get_id () {
|
|
| 32 |
- echo `"$@" | awk '/ id / { print $4 }'`
|
|
| 33 |
-} |
|
| 34 |
- |
|
| 35 |
-# Lookups |
|
| 36 |
-SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
| 37 |
-ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
|
| 38 |
-MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
|
|
| 39 |
- |
|
| 40 |
- |
|
| 41 | 31 |
# Roles |
| 42 | 32 |
# ----- |
| 43 | 33 |
|
| ... | ... |
@@ -45,53 +35,52 @@ MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
|
| 45 | 45 |
# The admin role in swift allows a user to act as an admin for their tenant, |
| 46 | 46 |
# but ResellerAdmin is needed for a user to act as any tenant. The name of this |
| 47 | 47 |
# role is also configurable in swift-proxy.conf |
| 48 |
-RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin) |
|
| 48 |
+keystone role-create --name=ResellerAdmin |
|
| 49 | 49 |
# Service role, so service users do not have to be admins |
| 50 |
-SERVICE_ROLE=$(get_id keystone role-create --name=service) |
|
| 50 |
+keystone role-create --name=service |
|
| 51 | 51 |
|
| 52 | 52 |
|
| 53 | 53 |
# Services |
| 54 | 54 |
# -------- |
| 55 | 55 |
|
| 56 | 56 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then |
| 57 |
- NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
|
|
| 58 | 57 |
# Nova needs ResellerAdmin role to download images when accessing |
| 59 | 58 |
# swift through the s3 api. |
| 60 | 59 |
keystone user-role-add \ |
| 61 |
- --tenant-id $SERVICE_TENANT \ |
|
| 62 |
- --user-id $NOVA_USER \ |
|
| 63 |
- --role-id $RESELLER_ROLE |
|
| 60 |
+ --tenant $SERVICE_TENANT_NAME \ |
|
| 61 |
+ --user nova \ |
|
| 62 |
+ --role ResellerAdmin |
|
| 64 | 63 |
fi |
| 65 | 64 |
|
| 66 | 65 |
# Heat |
| 67 | 66 |
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then |
| 68 |
- HEAT_USER=$(get_id keystone user-create --name=heat \ |
|
| 67 |
+ keystone user-create --name=heat \ |
|
| 69 | 68 |
--pass="$SERVICE_PASSWORD" \ |
| 70 |
- --tenant_id $SERVICE_TENANT \ |
|
| 71 |
- --email=heat@example.com) |
|
| 72 |
- keystone user-role-add --tenant-id $SERVICE_TENANT \ |
|
| 73 |
- --user-id $HEAT_USER \ |
|
| 74 |
- --role-id $SERVICE_ROLE |
|
| 69 |
+ --tenant $SERVICE_TENANT_NAME \ |
|
| 70 |
+ --email=heat@example.com |
|
| 71 |
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \ |
|
| 72 |
+ --user heat \ |
|
| 73 |
+ --role service |
|
| 75 | 74 |
# heat_stack_user role is for users created by Heat |
| 76 | 75 |
keystone role-create --name heat_stack_user |
| 77 | 76 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 78 |
- HEAT_CFN_SERVICE=$(get_id keystone service-create \ |
|
| 77 |
+ keystone service-create \ |
|
| 79 | 78 |
--name=heat-cfn \ |
| 80 | 79 |
--type=cloudformation \ |
| 81 |
- --description="Heat CloudFormation Service") |
|
| 80 |
+ --description="Heat CloudFormation Service" |
|
| 82 | 81 |
keystone endpoint-create \ |
| 83 | 82 |
--region RegionOne \ |
| 84 |
- --service_id $HEAT_CFN_SERVICE \ |
|
| 83 |
+ --service heat-cfn \ |
|
| 85 | 84 |
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ |
| 86 | 85 |
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ |
| 87 | 86 |
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" |
| 88 |
- HEAT_SERVICE=$(get_id keystone service-create \ |
|
| 87 |
+ keystone service-create \ |
|
| 89 | 88 |
--name=heat \ |
| 90 | 89 |
--type=orchestration \ |
| 91 |
- --description="Heat Service") |
|
| 90 |
+ --description="Heat Service" |
|
| 92 | 91 |
keystone endpoint-create \ |
| 93 | 92 |
--region RegionOne \ |
| 94 |
- --service_id $HEAT_SERVICE \ |
|
| 93 |
+ --service heat \ |
|
| 95 | 94 |
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
| 96 | 95 |
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ |
| 97 | 96 |
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" |
| ... | ... |
@@ -100,23 +89,23 @@ fi |
| 100 | 100 |
|
| 101 | 101 |
# Glance |
| 102 | 102 |
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then |
| 103 |
- GLANCE_USER=$(get_id keystone user-create \ |
|
| 103 |
+ keystone user-create \ |
|
| 104 | 104 |
--name=glance \ |
| 105 | 105 |
--pass="$SERVICE_PASSWORD" \ |
| 106 |
- --tenant_id $SERVICE_TENANT \ |
|
| 107 |
- --email=glance@example.com) |
|
| 106 |
+ --tenant $SERVICE_TENANT_NAME \ |
|
| 107 |
+ --email=glance@example.com |
|
| 108 | 108 |
keystone user-role-add \ |
| 109 |
- --tenant-id $SERVICE_TENANT \ |
|
| 110 |
- --user-id $GLANCE_USER \ |
|
| 111 |
- --role-id $ADMIN_ROLE |
|
| 109 |
+ --tenant $SERVICE_TENANT_NAME \ |
|
| 110 |
+ --user glance \ |
|
| 111 |
+ --role admin |
|
| 112 | 112 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 113 |
- GLANCE_SERVICE=$(get_id keystone service-create \ |
|
| 113 |
+ keystone service-create \ |
|
| 114 | 114 |
--name=glance \ |
| 115 | 115 |
--type=image \ |
| 116 |
- --description="Glance Image Service") |
|
| 116 |
+ --description="Glance Image Service" |
|
| 117 | 117 |
keystone endpoint-create \ |
| 118 | 118 |
--region RegionOne \ |
| 119 |
- --service_id $GLANCE_SERVICE \ |
|
| 119 |
+ --service glance \ |
|
| 120 | 120 |
--publicurl "http://$SERVICE_HOST:9292" \ |
| 121 | 121 |
--adminurl "http://$SERVICE_HOST:9292" \ |
| 122 | 122 |
--internalurl "http://$SERVICE_HOST:9292" |
| ... | ... |
@@ -125,25 +114,25 @@ fi |
| 125 | 125 |
|
| 126 | 126 |
# Ceilometer |
| 127 | 127 |
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then |
| 128 |
- CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \ |
|
| 128 |
+ keystone user-create --name=ceilometer \ |
|
| 129 | 129 |
--pass="$SERVICE_PASSWORD" \ |
| 130 |
- --tenant_id $SERVICE_TENANT \ |
|
| 131 |
- --email=ceilometer@example.com) |
|
| 132 |
- keystone user-role-add --tenant-id $SERVICE_TENANT \ |
|
| 133 |
- --user-id $CEILOMETER_USER \ |
|
| 134 |
- --role-id $ADMIN_ROLE |
|
| 130 |
+ --tenant $SERVICE_TENANT_NAME \ |
|
| 131 |
+ --email=ceilometer@example.com |
|
| 132 |
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \ |
|
| 133 |
+ --user ceilometer \ |
|
| 134 |
+ --role admin |
|
| 135 | 135 |
# Ceilometer needs ResellerAdmin role to access swift account stats. |
| 136 |
- keystone user-role-add --tenant-id $SERVICE_TENANT \ |
|
| 137 |
- --user-id $CEILOMETER_USER \ |
|
| 138 |
- --role-id $RESELLER_ROLE |
|
| 136 |
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \ |
|
| 137 |
+ --user ceilometer \ |
|
| 138 |
+ --role ResellerAdmin |
|
| 139 | 139 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 140 |
- CEILOMETER_SERVICE=$(get_id keystone service-create \ |
|
| 140 |
+ keystone service-create \ |
|
| 141 | 141 |
--name=ceilometer \ |
| 142 | 142 |
--type=metering \ |
| 143 |
- --description="Ceilometer Service") |
|
| 143 |
+ --description="Ceilometer Service" |
|
| 144 | 144 |
keystone endpoint-create \ |
| 145 | 145 |
--region RegionOne \ |
| 146 |
- --service_id $CEILOMETER_SERVICE \ |
|
| 146 |
+ --service ceilometer \ |
|
| 147 | 147 |
--publicurl "http://$SERVICE_HOST:8777" \ |
| 148 | 148 |
--adminurl "http://$SERVICE_HOST:8777" \ |
| 149 | 149 |
--internalurl "http://$SERVICE_HOST:8777" |
| ... | ... |
@@ -153,13 +142,13 @@ fi |
| 153 | 153 |
# EC2 |
| 154 | 154 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
| 155 | 155 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 156 |
- EC2_SERVICE=$(get_id keystone service-create \ |
|
| 156 |
+ keystone service-create \ |
|
| 157 | 157 |
--name=ec2 \ |
| 158 | 158 |
--type=ec2 \ |
| 159 |
- --description="EC2 Compatibility Layer") |
|
| 159 |
+ --description="EC2 Compatibility Layer" |
|
| 160 | 160 |
keystone endpoint-create \ |
| 161 | 161 |
--region RegionOne \ |
| 162 |
- --service_id $EC2_SERVICE \ |
|
| 162 |
+ --service ec2 \ |
|
| 163 | 163 |
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \ |
| 164 | 164 |
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \ |
| 165 | 165 |
--internalurl "http://$SERVICE_HOST:8773/services/Cloud" |
| ... | ... |
@@ -169,13 +158,13 @@ fi |
| 169 | 169 |
# S3 |
| 170 | 170 |
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then |
| 171 | 171 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 172 |
- S3_SERVICE=$(get_id keystone service-create \ |
|
| 172 |
+ keystone service-create \ |
|
| 173 | 173 |
--name=s3 \ |
| 174 | 174 |
--type=s3 \ |
| 175 |
- --description="S3") |
|
| 175 |
+ --description="S3" |
|
| 176 | 176 |
keystone endpoint-create \ |
| 177 | 177 |
--region RegionOne \ |
| 178 |
- --service_id $S3_SERVICE \ |
|
| 178 |
+ --service s3 \ |
|
| 179 | 179 |
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ |
| 180 | 180 |
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ |
| 181 | 181 |
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" |
| ... | ... |
@@ -185,14 +174,14 @@ fi |
| 185 | 185 |
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then |
| 186 | 186 |
# Tempest has some tests that validate various authorization checks |
| 187 | 187 |
# between two regular users in separate tenants |
| 188 |
- ALT_DEMO_TENANT=$(get_id keystone tenant-create \ |
|
| 189 |
- --name=alt_demo) |
|
| 190 |
- ALT_DEMO_USER=$(get_id keystone user-create \ |
|
| 188 |
+ keystone tenant-create \ |
|
| 189 |
+ --name=alt_demo |
|
| 190 |
+ keystone user-create \ |
|
| 191 | 191 |
--name=alt_demo \ |
| 192 | 192 |
--pass="$ADMIN_PASSWORD" \ |
| 193 |
- --email=alt_demo@example.com) |
|
| 193 |
+ --email=alt_demo@example.com |
|
| 194 | 194 |
keystone user-role-add \ |
| 195 |
- --tenant-id $ALT_DEMO_TENANT \ |
|
| 196 |
- --user-id $ALT_DEMO_USER \ |
|
| 197 |
- --role-id $MEMBER_ROLE |
|
| 195 |
+ --tenant alt_demo \ |
|
| 196 |
+ --user alt_demo \ |
|
| 197 |
+ --role Member |
|
| 198 | 198 |
fi |