Browse code
Merge "Use identity_uri instead of auth fragments"
Jenkins authored on 2014/06/18 01:06:48Showing 11 changed files
- lib/ceilometer
- lib/cinder
- lib/glance
- lib/heat
- lib/ironic
- lib/keystone
- lib/neutron
- lib/nova
- lib/nova_plugins/hypervisor-ironic
- lib/trove
- stack.sh
| ... | ... |
@@ -164,9 +164,7 @@ function configure_ceilometer {
|
| 164 | 164 |
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD |
| 165 | 165 |
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME |
| 166 | 166 |
|
| 167 |
- iniset $CEILOMETER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 168 |
- iniset $CEILOMETER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 169 |
- iniset $CEILOMETER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 167 |
+ iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 170 | 168 |
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer |
| 171 | 169 |
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
| 172 | 170 |
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| ... | ... |
@@ -233,9 +233,7 @@ function configure_cinder {
|
| 233 | 233 |
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password |
| 234 | 234 |
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir |
| 235 | 235 |
|
| 236 |
- iniset $CINDER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 237 |
- iniset $CINDER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 238 |
- iniset $CINDER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 236 |
+ iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 239 | 237 |
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 240 | 238 |
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| 241 | 239 |
iniset $CINDER_CONF keystone_authtoken admin_user cinder |
| ... | ... |
@@ -89,9 +89,7 @@ function configure_glance {
|
| 89 | 89 |
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl |
| 90 | 90 |
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG |
| 91 | 91 |
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone |
| 92 |
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 93 |
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 94 |
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 92 |
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 95 | 93 |
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 96 | 94 |
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION |
| 97 | 95 |
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| ... | ... |
@@ -107,9 +105,7 @@ function configure_glance {
|
| 107 | 107 |
iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
| 108 | 108 |
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
| 109 | 109 |
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement |
| 110 |
- iniset $GLANCE_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 111 |
- iniset $GLANCE_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 112 |
- iniset $GLANCE_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 110 |
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 113 | 111 |
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 114 | 112 |
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION |
| 115 | 113 |
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| ... | ... |
@@ -128,7 +124,7 @@ function configure_glance {
|
| 128 | 128 |
# Store the images in swift if enabled. |
| 129 | 129 |
if is_service_enabled s-proxy; then |
| 130 | 130 |
iniset $GLANCE_API_CONF DEFAULT default_store swift |
| 131 |
- iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ |
|
| 131 |
+ iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/ |
|
| 132 | 132 |
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift |
| 133 | 133 |
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD |
| 134 | 134 |
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True |
| ... | ... |
@@ -147,7 +143,7 @@ function configure_glance {
|
| 147 | 147 |
iniset $GLANCE_CACHE_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
| 148 | 148 |
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
| 149 | 149 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url |
| 150 |
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 |
|
| 150 |
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0 |
|
| 151 | 151 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name |
| 152 | 152 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME |
| 153 | 153 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user |
| ... | ... |
@@ -107,9 +107,7 @@ function configure_heat {
|
| 107 | 107 |
fi |
| 108 | 108 |
|
| 109 | 109 |
# keystone authtoken |
| 110 |
- iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 111 |
- iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 112 |
- iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 110 |
+ iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 113 | 111 |
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION |
| 114 | 112 |
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 115 | 113 |
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| ... | ... |
@@ -118,7 +116,7 @@ function configure_heat {
|
| 118 | 118 |
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR |
| 119 | 119 |
|
| 120 | 120 |
# ec2authtoken |
| 121 |
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
| 121 |
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
| 122 | 122 |
|
| 123 | 123 |
# paste_deploy |
| 124 | 124 |
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone |
| ... | ... |
@@ -269,7 +267,7 @@ function create_heat_accounts {
|
| 269 | 269 |
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then |
| 270 | 270 |
# Note we have to pass token/endpoint here because the current endpoint and |
| 271 | 271 |
# version negotiation in OSC means just --os-identity-api-version=3 won't work |
| 272 |
- KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" |
|
| 272 |
+ KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3" |
|
| 273 | 273 |
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ |
| 274 | 274 |
--os-identity-api-version=3 domain create heat \ |
| 275 | 275 |
--description "Owns users and projects created by heat" \ |
| ... | ... |
@@ -162,11 +162,9 @@ function configure_ironic {
|
| 162 | 162 |
function configure_ironic_api {
|
| 163 | 163 |
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone |
| 164 | 164 |
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON |
| 165 |
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 166 |
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 167 |
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 165 |
+ iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 168 | 166 |
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 169 |
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/ |
|
| 167 |
+ iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI |
|
| 170 | 168 |
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| 171 | 169 |
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic |
| 172 | 170 |
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD |
| ... | ... |
@@ -87,6 +87,10 @@ if is_ssl_enabled_service "key"; then |
| 87 | 87 |
KEYSTONE_SERVICE_PROTOCOL="https" |
| 88 | 88 |
fi |
| 89 | 89 |
|
| 90 |
+# complete URIs |
|
| 91 |
+KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
|
|
| 92 |
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
|
|
| 93 |
+ |
|
| 90 | 94 |
# Functions |
| 91 | 95 |
# --------- |
| 92 | 96 |
# cleanup_keystone() - Remove residual data files, anything left over from previous |
| ... | ... |
@@ -726,7 +726,7 @@ function _configure_neutron_metadata_agent {
|
| 726 | 726 |
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP |
| 727 | 727 |
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND" |
| 728 | 728 |
|
| 729 |
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True True |
|
| 729 |
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True |
|
| 730 | 730 |
|
| 731 | 731 |
} |
| 732 | 732 |
|
| ... | ... |
@@ -868,18 +868,9 @@ function _neutron_setup_keystone {
|
| 868 | 868 |
local section=$2 |
| 869 | 869 |
local use_auth_url=$3 |
| 870 | 870 |
local skip_auth_cache=$4 |
| 871 |
- local use_service_port=$5 |
|
| 872 |
- local keystone_port=$KEYSTONE_AUTH_PORT |
|
| 873 |
- if [[ -n $use_service_port ]]; then |
|
| 874 |
- keystone_port=$KEYSTONE_SERVICE_PORT |
|
| 875 |
- fi |
|
| 876 |
- if [[ -n $use_auth_url ]]; then |
|
| 877 |
- iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$keystone_port/v2.0" |
|
| 878 |
- else |
|
| 879 |
- iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST |
|
| 880 |
- iniset $conf_file $section auth_port $keystone_port |
|
| 881 |
- iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL |
|
| 882 |
- fi |
|
| 871 |
+ |
|
| 872 |
+ iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI |
|
| 873 |
+ iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI |
|
| 883 | 874 |
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME |
| 884 | 875 |
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME |
| 885 | 876 |
iniset $conf_file $section admin_password $SERVICE_PASSWORD |
| ... | ... |
@@ -456,9 +456,7 @@ function create_nova_conf {
|
| 456 | 456 |
|
| 457 | 457 |
# Add keystone authtoken configuration |
| 458 | 458 |
|
| 459 |
- iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 460 |
- iniset $NOVA_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 461 |
- iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 459 |
+ iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 462 | 460 |
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| 463 | 461 |
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA |
| 464 | 462 |
iniset $NOVA_CONF keystone_authtoken admin_user nova |
| ... | ... |
@@ -48,7 +48,7 @@ function configure_nova_hypervisor {
|
| 48 | 48 |
# ironic section |
| 49 | 49 |
iniset $NOVA_CONF ironic admin_username admin |
| 50 | 50 |
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD |
| 51 |
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 |
|
| 51 |
+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0 |
|
| 52 | 52 |
iniset $NOVA_CONF ironic admin_tenant_name demo |
| 53 | 53 |
iniset $NOVA_CONF ironic api_endpoint http://$SERVICE_HOST:6385/v1 |
| 54 | 54 |
iniset $NOVA_CONF ironic sql_connection `database_connection_url nova_bm` |
| ... | ... |
@@ -133,9 +133,8 @@ function configure_trove {
|
| 133 | 133 |
# Copy api-paste file over to the trove conf dir and configure it |
| 134 | 134 |
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini |
| 135 | 135 |
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini |
| 136 |
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 137 |
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT |
|
| 138 |
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 136 |
+ |
|
| 137 |
+ iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI |
|
| 139 | 138 |
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA |
| 140 | 139 |
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| 141 | 140 |
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove |
| ... | ... |
@@ -158,7 +157,7 @@ function configure_trove {
|
| 158 | 158 |
|
| 159 | 159 |
# (Re)create trove taskmanager conf file if needed |
| 160 | 160 |
if is_service_enabled tr-tmgr; then |
| 161 |
- TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT//v$IDENTITY_API_VERSION |
|
| 161 |
+ TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION |
|
| 162 | 162 |
|
| 163 | 163 |
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD |
| 164 | 164 |
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove` |
| ... | ... |
@@ -913,7 +913,7 @@ if is_service_enabled key; then |
| 913 | 913 |
start_keystone |
| 914 | 914 |
|
| 915 | 915 |
# Set up a temporary admin URI for Keystone |
| 916 |
- SERVICE_ENDPOINT=$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 |
|
| 916 |
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 |
|
| 917 | 917 |
|
| 918 | 918 |
if is_service_enabled tls-proxy; then |
| 919 | 919 |
export OS_CACERT=$INT_CA_DIR/ca-chain.pem |
| ... | ... |
@@ -1346,7 +1346,7 @@ fi |
| 1346 | 1346 |
|
| 1347 | 1347 |
# If Keystone is present you can point ``nova`` cli to this server |
| 1348 | 1348 |
if is_service_enabled key; then |
| 1349 |
- echo "Keystone is serving at $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/" |
|
| 1349 |
+ echo "Keystone is serving at $KEYSTONE_SERVICE_URI/v2.0/" |
|
| 1350 | 1350 |
echo "Examples on using novaclient command line is in exercise.sh" |
| 1351 | 1351 |
echo "The default users are: admin and demo" |
| 1352 | 1352 |
echo "The password: $ADMIN_PASSWORD" |