Remove deprecated heat-keystone-setup
It was deprecated 10 years ago[1].
[1] 267a4f076b
Change-Id: I78776360897b2aaa920f1bfb542bfd0a543f4f50
This commit is contained in:
parent
033dfe61d8
commit
d1c0066f6a
@ -1,286 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo "Warning: This script is deprecated! Please use other tool to setup keystone for heat." >&2
|
|
||||||
|
|
||||||
set +e
|
|
||||||
|
|
||||||
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
|
|
||||||
|
|
||||||
# Extract some info from Keystone's configuration file
|
|
||||||
if [[ -r "$KEYSTONE_CONF" ]]; then
|
|
||||||
CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
|
|
||||||
CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
|
|
||||||
fi
|
|
||||||
|
|
||||||
SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
|
|
||||||
SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://127.0.0.1:${CONFIG_ADMIN_PORT:-35357}/v2.0}
|
|
||||||
if [[ -z "$SERVICE_TOKEN" ]]; then
|
|
||||||
echo "No service token found." >&2
|
|
||||||
echo "Set SERVICE_TOKEN manually from keystone.conf admin_token." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
set_admin_token() {
|
|
||||||
alias openstack="openstack --os-token $SERVICE_TOKEN \
|
|
||||||
--os-endpoint $SERVICE_ENDPOINT"
|
|
||||||
}
|
|
||||||
|
|
||||||
unset_admin_token() {
|
|
||||||
unalias openstack
|
|
||||||
}
|
|
||||||
|
|
||||||
#### utilities functions merged from devstack to check required parameter is not empty
|
|
||||||
# Prints line number and "message" in error format
|
|
||||||
# err $LINENO "message"
|
|
||||||
function err() {
|
|
||||||
local exitcode=$?
|
|
||||||
errXTRACE=$(set +o | grep xtrace)
|
|
||||||
set +o xtrace
|
|
||||||
local msg="[ERROR] ${BASH_SOURCE[2]}:$1 $2"
|
|
||||||
echo $msg 1>&2;
|
|
||||||
if [[ -n ${LOGDIR} ]]; then
|
|
||||||
echo $msg >> "${LOGDIR}/error.log"
|
|
||||||
fi
|
|
||||||
$errXTRACE
|
|
||||||
return $exitcode
|
|
||||||
}
|
|
||||||
# Prints backtrace info
|
|
||||||
# filename:lineno:function
|
|
||||||
function backtrace {
|
|
||||||
local level=$1
|
|
||||||
local deep=$((${#BASH_SOURCE[@]} - 1))
|
|
||||||
echo "[Call Trace]"
|
|
||||||
while [ $level -le $deep ]; do
|
|
||||||
echo "${BASH_SOURCE[$deep]}:${BASH_LINENO[$deep-1]}:${FUNCNAME[$deep-1]}"
|
|
||||||
deep=$((deep - 1))
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Prints line number and "message" then exits
|
|
||||||
# die $LINENO "message"
|
|
||||||
function die() {
|
|
||||||
local exitcode=$?
|
|
||||||
set +o xtrace
|
|
||||||
local line=$1; shift
|
|
||||||
if [ $exitcode == 0 ]; then
|
|
||||||
exitcode=1
|
|
||||||
fi
|
|
||||||
backtrace 2
|
|
||||||
err $line "$*"
|
|
||||||
exit $exitcode
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Checks an environment variable is not set or has length 0 OR if the
|
|
||||||
# exit code is non-zero and prints "message" and exits
|
|
||||||
# NOTE: env-var is the variable name without a '$'
|
|
||||||
# die_if_not_set $LINENO env-var "message"
|
|
||||||
function die_if_not_set() {
|
|
||||||
local exitcode=$?
|
|
||||||
FXTRACE=$(set +o | grep xtrace)
|
|
||||||
set +o xtrace
|
|
||||||
local line=$1; shift
|
|
||||||
local evar=$1; shift
|
|
||||||
if ! is_set $evar || [ $exitcode != 0 ]; then
|
|
||||||
die $line "$*"
|
|
||||||
fi
|
|
||||||
$FXTRACE
|
|
||||||
}
|
|
||||||
|
|
||||||
# Test if the named environment variable is set and not zero length
|
|
||||||
# is_set env-var
|
|
||||||
function is_set() {
|
|
||||||
local var=\$"$1"
|
|
||||||
eval "[ -n \"$var\" ]" # For ex.: sh -c "[ -n \"$var\" ]" would be better, but several exercises depends on this
|
|
||||||
}
|
|
||||||
|
|
||||||
#######################################
|
|
||||||
|
|
||||||
get_data() {
|
|
||||||
local match_column=$(($1 + 1))
|
|
||||||
local regex="$2"
|
|
||||||
local output_column=$(($3 + 1))
|
|
||||||
shift 3
|
|
||||||
|
|
||||||
output=$("$@" | \
|
|
||||||
awk -F'|' \
|
|
||||||
"! /^\+/ && \$${match_column} ~ \"^ *${regex} *\$\" \
|
|
||||||
{ print \$${output_column} }")
|
|
||||||
|
|
||||||
echo "$output"
|
|
||||||
}
|
|
||||||
|
|
||||||
get_id () {
|
|
||||||
get_data 1 id 2 "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
get_user() {
|
|
||||||
local username=$1
|
|
||||||
|
|
||||||
local user_id=$(get_data 2 $username 1 openstack user list)
|
|
||||||
|
|
||||||
if [ -n "$user_id" ]; then
|
|
||||||
echo "Found existing $username user" >&2
|
|
||||||
echo $user_id >&2
|
|
||||||
else
|
|
||||||
echo "Creating $username user..." >&2
|
|
||||||
get_id openstack user create $username \
|
|
||||||
--password="$SERVICE_PASSWORD" \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email=$username@example.com
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
add_role() {
|
|
||||||
local user_id=$1
|
|
||||||
local tenant=$2
|
|
||||||
local role_id=$3
|
|
||||||
local username=$4
|
|
||||||
|
|
||||||
user_roles=$(openstack user role list $user_id\
|
|
||||||
--project $tenant 2>/dev/null)
|
|
||||||
if [ $? == 0 ]; then
|
|
||||||
# Folsom
|
|
||||||
existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
|
|
||||||
if [ -n "$existing_role" ]
|
|
||||||
then
|
|
||||||
echo "User $username already has role $role_id" >&2
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
openstack role add --project $tenant \
|
|
||||||
--user $user_id \
|
|
||||||
$role_id
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
create_role() {
|
|
||||||
local role_name=$1
|
|
||||||
|
|
||||||
role_id=$(get_data 2 $role_name 1 openstack role list)
|
|
||||||
if [ -n "$role_id" ]
|
|
||||||
then
|
|
||||||
echo "Role $role_name already exists : $role_id" >&2
|
|
||||||
else
|
|
||||||
openstack role create $role_name
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
get_endpoint() {
|
|
||||||
local service_type=$1
|
|
||||||
|
|
||||||
unset_admin_token
|
|
||||||
openstack endpoint show $service_type
|
|
||||||
set_admin_token
|
|
||||||
}
|
|
||||||
|
|
||||||
delete_endpoint() {
|
|
||||||
local service_type=$1
|
|
||||||
|
|
||||||
local endpoints=$(get_data 4 $service_type 1 openstack endpoint list)
|
|
||||||
|
|
||||||
for endpoint in $endpoints; do
|
|
||||||
echo "Removing $service_type endpoint ${endpoint}..." >&2
|
|
||||||
openstack endpoint delete "$endpoint" >&2
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$endpoints" ]; then false; fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
delete_all_endpoints() {
|
|
||||||
while delete_endpoint $1; do
|
|
||||||
true
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
delete_service() {
|
|
||||||
local service_type=$1
|
|
||||||
|
|
||||||
delete_all_endpoints $service_type
|
|
||||||
|
|
||||||
local service_ids=$(get_data 3 $service_type 1 openstack service list)
|
|
||||||
|
|
||||||
for service in $service_ids; do
|
|
||||||
local service_name=$(get_data 1 $service 2 openstack service list)
|
|
||||||
echo "Removing $service_name:$service_type service..." >&2
|
|
||||||
openstack service delete $service >&2
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
get_service() {
|
|
||||||
local service_name=$1
|
|
||||||
local service_type=$2
|
|
||||||
local description="$3"
|
|
||||||
|
|
||||||
delete_service $service_type
|
|
||||||
|
|
||||||
get_id openstack service create --name=$service_name \
|
|
||||||
--description="$description" \
|
|
||||||
$service_type
|
|
||||||
}
|
|
||||||
|
|
||||||
add_endpoint() {
|
|
||||||
local service_id=$1
|
|
||||||
local url="$2"
|
|
||||||
|
|
||||||
openstack endpoint create --region RegionOne --publicurl "$url" \
|
|
||||||
--adminurl "$url" --internalurl "$url" $service_id >&2
|
|
||||||
}
|
|
||||||
|
|
||||||
keystone_setup() {
|
|
||||||
|
|
||||||
unset OS_SERVICE_TOKEN
|
|
||||||
unset OS_SERVICE_ENDPOINT
|
|
||||||
TENANT_ID=$(get_data 1 project_id 2 openstack token issue)
|
|
||||||
die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'openstack token issue' "
|
|
||||||
|
|
||||||
set_admin_token
|
|
||||||
|
|
||||||
ADMIN_ROLE=$(get_data 2 admin 1 openstack role list)
|
|
||||||
die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'openstack role list' "
|
|
||||||
SERVICE_TENANT=$(get_data 2 service 1 openstack project list)
|
|
||||||
die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'openstack project list' "
|
|
||||||
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD}
|
|
||||||
SERVICE_HOST=${SERVICE_HOST:-localhost}
|
|
||||||
|
|
||||||
if [[ "$SERVICE_PASSWORD" == "$OS_PASSWORD" ]]; then
|
|
||||||
echo "Using the OS_PASSWORD for the SERVICE_PASSWORD." >&2
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "$SERVICE_HOST" == "localhost" ]]; then
|
|
||||||
echo "Warning: Endpoints will be registered as localhost, but this usually won't work." >&2
|
|
||||||
echo "Set SERVICE_HOST to a publicly accessible hostname/IP instead." >&2
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo ADMIN_ROLE $ADMIN_ROLE
|
|
||||||
echo SERVICE_TENANT $SERVICE_TENANT
|
|
||||||
echo SERVICE_PASSWORD $SERVICE_PASSWORD
|
|
||||||
echo SERVICE_TOKEN $SERVICE_TOKEN
|
|
||||||
echo SERVICE_HOST $SERVICE_HOST
|
|
||||||
|
|
||||||
HEAT_USERNAME="heat"
|
|
||||||
HEAT_USERID=$(get_user $HEAT_USERNAME)
|
|
||||||
die_if_not_set $LINENO HEAT_USERID "Fail to get user for $HEAT_USERNAME"
|
|
||||||
echo HEAT_USERID $HEAT_USERID
|
|
||||||
add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
|
|
||||||
|
|
||||||
# Create a special role which template-defined "stack users" are
|
|
||||||
# assigned to in the engine when they are created, this allows them
|
|
||||||
# to be more easily differentiated from other users (e.g so we can
|
|
||||||
# lock down these implicitly untrusted users via RBAC policy)
|
|
||||||
STACK_USER_ROLE="heat_stack_user"
|
|
||||||
create_role $STACK_USER_ROLE
|
|
||||||
|
|
||||||
HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
|
|
||||||
"Heat CloudFormation API")
|
|
||||||
add_endpoint $HEAT_CFN_SERVICE "http://$SERVICE_HOST:8000/v1"
|
|
||||||
|
|
||||||
HEAT_OS_SERVICE=$(get_service heat orchestration \
|
|
||||||
"Heat API")
|
|
||||||
add_endpoint $HEAT_OS_SERVICE "http://$SERVICE_HOST:8004/v1/%(tenant_id)s"
|
|
||||||
}
|
|
||||||
|
|
||||||
if [[ ${BASH_SOURCE[0]} == ${0} ]]; then
|
|
||||||
keystone_setup
|
|
||||||
fi
|
|
@ -324,9 +324,6 @@ man_pages = [
|
|||||||
('man/heat-engine', 'heat-engine',
|
('man/heat-engine', 'heat-engine',
|
||||||
u'Service which performs the actions from the API calls made by the user',
|
u'Service which performs the actions from the API calls made by the user',
|
||||||
[u'Heat Developers'], 1),
|
[u'Heat Developers'], 1),
|
||||||
('man/heat-keystone-setup', 'heat-keystone-setup',
|
|
||||||
u'Script which sets up keystone for usage by Heat',
|
|
||||||
[u'Heat Developers'], 1),
|
|
||||||
('man/heat-keystone-setup-domain', 'heat-keystone-setup-domain',
|
('man/heat-keystone-setup-domain', 'heat-keystone-setup-domain',
|
||||||
u'Script which sets up a keystone domain for heat users and projects',
|
u'Script which sets up a keystone domain for heat users and projects',
|
||||||
[u'Heat Developers'], 1),
|
[u'Heat Developers'], 1),
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
===================
|
|
||||||
heat-keystone-setup
|
|
||||||
===================
|
|
||||||
|
|
||||||
.. program:: heat-keystone-setup
|
|
||||||
|
|
||||||
|
|
||||||
SYNOPSIS
|
|
||||||
========
|
|
||||||
|
|
||||||
``heat-keystone-setup``
|
|
||||||
|
|
||||||
|
|
||||||
DESCRIPTION
|
|
||||||
===========
|
|
||||||
Warning: This script is deprecated, please use other tool to setup keystone
|
|
||||||
for heat.
|
|
||||||
|
|
||||||
The ``heat-keystone-setup`` tool configures keystone for use with heat. This
|
|
||||||
script requires admin keystone credentials to be available in the shell
|
|
||||||
environment and write access to ``/etc/keystone``.
|
|
||||||
|
|
||||||
Distributions may provide other tools to setup keystone for use with Heat, so
|
|
||||||
check the distro documentation first.
|
|
||||||
|
|
||||||
EXAMPLES
|
|
||||||
========
|
|
||||||
|
|
||||||
heat-keystone-setup
|
|
||||||
|
|
||||||
BUGS
|
|
||||||
====
|
|
||||||
|
|
||||||
Heat bugs are managed through StoryBoard
|
|
||||||
`OpenStack Heat Stories <https://storyboard.openstack.org/#!/project/989>`__
|
|
@ -22,6 +22,5 @@ Heat utilities
|
|||||||
|
|
||||||
heat-manage
|
heat-manage
|
||||||
heat-db-setup
|
heat-db-setup
|
||||||
heat-keystone-setup
|
|
||||||
heat-keystone-setup-domain
|
heat-keystone-setup-domain
|
||||||
heat-status
|
heat-status
|
||||||
|
Loading…
Reference in New Issue
Block a user