Merge "Deprecate heat-keystone-setup"
commit
dc21480a46
@ -1,5 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Warning: This script is deprecated! Please use other tool to setup keystone for heat." >&2
|
||||||
|
|
||||||
set +e
|
set +e
|
||||||
|
|
||||||
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
|
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
|
||||||
@ -19,12 +21,12 @@ if [[ -z "$SERVICE_TOKEN" ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
set_admin_token() {
|
set_admin_token() {
|
||||||
alias keystone="keystone --token $SERVICE_TOKEN \
|
alias openstack="openstack --os-token $SERVICE_TOKEN \
|
||||||
--endpoint $SERVICE_ENDPOINT"
|
--os-endpoint $SERVICE_ENDPOINT"
|
||||||
}
|
}
|
||||||
|
|
||||||
unset_admin_token() {
|
unset_admin_token() {
|
||||||
unalias keystone
|
unalias openstack
|
||||||
}
|
}
|
||||||
|
|
||||||
#### utilities functions merged from devstack to check required parameter is not empty
|
#### utilities functions merged from devstack to check required parameter is not empty
|
||||||
@ -113,31 +115,19 @@ get_id () {
|
|||||||
get_data 1 id 2 "$@"
|
get_data 1 id 2 "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
get_column_num() {
|
|
||||||
local name=$1
|
|
||||||
shift
|
|
||||||
$@ | awk -F'|' "NR == 2 && /^|/ { for (i=2; i<NF; i++) if (\$i ~ \"^ *${name} *\$\") print (i - 1) }"
|
|
||||||
}
|
|
||||||
|
|
||||||
get_user() {
|
get_user() {
|
||||||
local username=$1
|
local username=$1
|
||||||
|
|
||||||
# Output format of keystone user-list changed between essex and
|
local user_id=$(get_data 2 $username 1 openstack user list)
|
||||||
# folsom - the columns have been re-ordered (!?), so detect what
|
|
||||||
# column to pass to get_data via get_column_num
|
|
||||||
namecol=$(get_column_num name keystone user-list)
|
|
||||||
die_if_not_set $LINENO namecol "Fail to get namecol for name by 'keystone user-list' "
|
|
||||||
|
|
||||||
local user_id=$(get_data $namecol $username 1 keystone user-list)
|
|
||||||
|
|
||||||
if [ -n "$user_id" ]; then
|
if [ -n "$user_id" ]; then
|
||||||
echo "Found existing $username user" >&2
|
echo "Found existing $username user" >&2
|
||||||
echo $user_id
|
echo $user_id
|
||||||
else
|
else
|
||||||
echo "Creating $username user..." >&2
|
echo "Creating $username user..." >&2
|
||||||
get_id keystone user-create --name=$username \
|
get_id openstack user create $username \
|
||||||
--pass="$SERVICE_PASSWORD" \
|
--password="$SERVICE_PASSWORD" \
|
||||||
--tenant_id $SERVICE_TENANT \
|
--project $SERVICE_TENANT \
|
||||||
--email=$username@example.com
|
--email=$username@example.com
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -148,14 +138,8 @@ add_role() {
|
|||||||
local role_id=$3
|
local role_id=$3
|
||||||
local username=$4
|
local username=$4
|
||||||
|
|
||||||
# The keystone argument format changed between essex and folsom
|
user_roles=$(openstack user role list $user_id\
|
||||||
# so we use the fact that the folsom keystone version has a new
|
--project $tenant 2>/dev/null)
|
||||||
# option "user-role-list" to detect we're on that newer version
|
|
||||||
# This also allows us to detect when the user already has the
|
|
||||||
# requested role_id, preventing an error on folsom
|
|
||||||
user_roles=$(keystone user-role-list \
|
|
||||||
--user_id $user_id\
|
|
||||||
--tenant_id $tenant 2>/dev/null)
|
|
||||||
if [ $? == 0 ]; then
|
if [ $? == 0 ]; then
|
||||||
# Folsom
|
# Folsom
|
||||||
existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
|
existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
|
||||||
@ -164,26 +148,21 @@ add_role() {
|
|||||||
echo "User $username already has role $role_id" >&2
|
echo "User $username already has role $role_id" >&2
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
keystone user-role-add --tenant_id $tenant \
|
openstack role add --project $tenant \
|
||||||
--user_id $user_id \
|
--user $user_id \
|
||||||
--role_id $role_id
|
$role_id
|
||||||
else
|
|
||||||
# Essex
|
|
||||||
keystone user-role-add --tenant_id $tenant \
|
|
||||||
--user $user_id \
|
|
||||||
--role $role_id
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
create_role() {
|
create_role() {
|
||||||
local role_name=$1
|
local role_name=$1
|
||||||
|
|
||||||
role_id=$(get_data 2 $role_name 1 keystone role-list)
|
role_id=$(get_data 2 $role_name 1 openstack role list)
|
||||||
if [ -n "$role_id" ]
|
if [ -n "$role_id" ]
|
||||||
then
|
then
|
||||||
echo "Role $role_name already exists : $role_id" >&2
|
echo "Role $role_name already exists : $role_id" >&2
|
||||||
else
|
else
|
||||||
keystone role-create --name $role_name
|
openstack role create $role_name
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -191,36 +170,22 @@ get_endpoint() {
|
|||||||
local service_type=$1
|
local service_type=$1
|
||||||
|
|
||||||
unset_admin_token
|
unset_admin_token
|
||||||
keystone endpoint-get --service $service_type
|
openstack endpoint show $service_type
|
||||||
set_admin_token
|
set_admin_token
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_endpoint() {
|
delete_endpoint() {
|
||||||
local service_type=$1
|
local service_type=$1
|
||||||
|
|
||||||
case $service_type in
|
local endpoints=$(get_data 4 $service_type 1 openstack endpoint list)
|
||||||
volume) urlsuffix='\\\\$\\\\(tenant_id)s';;
|
|
||||||
orchestration) urlsuffix='%[(]tenant_id[)]s';;
|
|
||||||
# cloudformation has no hash suffix
|
|
||||||
*) urlsuffix=''
|
|
||||||
esac
|
|
||||||
|
|
||||||
local url=$(get_data 1 "${service_type}[.]publicURL" 2 \
|
for endpoint in $endpoints; do
|
||||||
get_endpoint $service_type 2>/dev/null | \
|
echo "Removing $service_type endpoint ${endpoint}..." >&2
|
||||||
sed -r "s/[a-f0-9]{32}/$urlsuffix/")
|
openstack endpoint delete "$endpoint" >&2
|
||||||
|
done
|
||||||
|
|
||||||
if [ -n "$url" ]; then
|
if [ -z "$endpoints" ]; then false; fi
|
||||||
local endpoints=$(get_data 3 $url 1 keystone endpoint-list)
|
|
||||||
|
|
||||||
for endpoint in $endpoints; do
|
|
||||||
echo "Removing $service_type endpoint ${endpoint}..." >&2
|
|
||||||
keystone endpoint-delete "$endpoint" >&2
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$endpoints" ]; then false; fi
|
|
||||||
else
|
|
||||||
false
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_all_endpoints() {
|
delete_all_endpoints() {
|
||||||
@ -234,12 +199,12 @@ delete_service() {
|
|||||||
|
|
||||||
delete_all_endpoints $service_type
|
delete_all_endpoints $service_type
|
||||||
|
|
||||||
local service_ids=$(get_data 3 $service_type 1 keystone service-list)
|
local service_ids=$(get_data 3 $service_type 1 openstack service list)
|
||||||
|
|
||||||
for service in $service_ids; do
|
for service in $service_ids; do
|
||||||
local service_name=$(get_data 1 $service 2 keystone service-list)
|
local service_name=$(get_data 1 $service 2 openstack service list)
|
||||||
echo "Removing $service_name:$service_type service..." >&2
|
echo "Removing $service_name:$service_type service..." >&2
|
||||||
keystone service-delete $service >&2
|
openstack service delete $service >&2
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -250,35 +215,32 @@ get_service() {
|
|||||||
|
|
||||||
delete_service $service_type
|
delete_service $service_type
|
||||||
|
|
||||||
get_id keystone service-create --name=$service_name \
|
get_id openstack service create --name=$service_name \
|
||||||
--type=$service_type \
|
--description="$description" \
|
||||||
--description="$description"
|
$service_type
|
||||||
}
|
}
|
||||||
|
|
||||||
add_endpoint() {
|
add_endpoint() {
|
||||||
local service_id=$1
|
local service_id=$1
|
||||||
local url="$2"
|
local url="$2"
|
||||||
|
|
||||||
keystone endpoint-create --region RegionOne --service_id $service_id \
|
openstack endpoint create --region RegionOne --publicurl "$url" \
|
||||||
--publicurl "$url" --adminurl "$url" --internalurl "$url" >&2
|
--adminurl "$url" --internalurl "$url" $service_id >&2
|
||||||
}
|
}
|
||||||
|
|
||||||
keystone_setup() {
|
keystone_setup() {
|
||||||
# Make sure we can use keystone command without OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
|
|
||||||
# credential, because we need to use keystone endpoint-get command below, and the
|
|
||||||
# keystone endpoint-get command can not run correctly
|
|
||||||
# using OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT credential.
|
|
||||||
unset OS_SERVICE_TOKEN
|
unset OS_SERVICE_TOKEN
|
||||||
unset OS_SERVICE_ENDPOINT
|
unset OS_SERVICE_ENDPOINT
|
||||||
TENANT_ID=$(get_data 1 tenant_id 2 keystone token-get)
|
TENANT_ID=$(get_data 1 project_id 2 openstack token issue)
|
||||||
die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'token-get' "
|
die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'openstack token issue' "
|
||||||
|
|
||||||
set_admin_token
|
set_admin_token
|
||||||
|
|
||||||
ADMIN_ROLE=$(get_data 2 admin 1 keystone role-list)
|
ADMIN_ROLE=$(get_data 2 admin 1 openstack role list)
|
||||||
die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'keystone role-list' "
|
die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'openstack role list' "
|
||||||
SERVICE_TENANT=$(get_data 2 service 1 keystone tenant-list)
|
SERVICE_TENANT=$(get_data 2 service 1 openstack project list)
|
||||||
die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'keystone tenant-list' "
|
die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'openstack project list' "
|
||||||
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD}
|
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD}
|
||||||
SERVICE_HOST=${SERVICE_HOST:-localhost}
|
SERVICE_HOST=${SERVICE_HOST:-localhost}
|
||||||
|
|
||||||
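Review bot: In add_role, a failing `openstack user role list` is now silently ignored. The commit removes the `else` branch but keeps `if [ $? == 0 ]` and the `2>/dev/null` on the listing, so when that command fails (for example a rejected token or an unreachable endpoint) the function falls through without running `openstack role add` and prints nothing. With `set +e` at the top of the script, execution simply continues, leaving the service user without its role and the operator without a diagnostic. Either drop the `$?` test so `openstack role add` always runs and reports its own error, or keep it and add `else echo "Failed to list roles for $username in $tenant" >&2; return 1`. The leftover `# Folsom` comment no longer describes a version branch and can be removed; add_role begins above the hunk and the lines between its two hunks are not shown here.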
|
@ -13,6 +13,8 @@ SYNOPSIS
|
|||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
===========
|
===========
|
||||||
|
Warning: This script is deprecated, please use other tool to setup keystone for heat.
|
||||||
|
|
||||||
The heat-keystone-setup tool configures keystone for use with heat. This script requires admin keystone credentials to be available in the shell environment and write access to /etc/keystone.
|
The heat-keystone-setup tool configures keystone for use with heat. This script requires admin keystone credentials to be available in the shell environment and write access to /etc/keystone.
|
||||||
|
|
||||||
Distributions may provide other tools to setup keystone for use with Heat, so check the distro documentation first.
|
Distributions may provide other tools to setup keystone for use with Heat, so check the distro documentation first.
|
||||||
|
@ -42,6 +42,7 @@ python-manilaclient>=1.3.0
|
|||||||
python-mistralclient>=1.0.0
|
python-mistralclient>=1.0.0
|
||||||
python-neutronclient>=2.6.0
|
python-neutronclient>=2.6.0
|
||||||
python-novaclient!=2.33.0,>=2.29.0
|
python-novaclient!=2.33.0,>=2.29.0
|
||||||
|
python-openstackclient>=1.5.0
|
||||||
python-saharaclient>=0.10.0
|
python-saharaclient>=0.10.0
|
||||||
python-swiftclient>=2.2.0
|
python-swiftclient>=2.2.0
|
||||||
python-troveclient>=1.2.0
|
python-troveclient>=1.2.0
|
||||||
|