Merge "Deprecate heat-keystone-setup"

Jenkins 2015-11-17 19:41:23 +00:00 committed by Gerrit Code Review
commit dc21480a46
3 changed files with 41 additions and 76 deletions


@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
echo "Warning: This script is deprecated! Please use other tool to setup keystone for heat." >&2
set +e set +e
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf} KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
@ -19,12 +21,12 @@ if [[ -z "$SERVICE_TOKEN" ]]; then
fi fi
set_admin_token() { set_admin_token() {
alias keystone="keystone --token $SERVICE_TOKEN \ alias openstack="openstack --os-token $SERVICE_TOKEN \
--endpoint $SERVICE_ENDPOINT" --os-endpoint $SERVICE_ENDPOINT"
} }
unset_admin_token() { unset_admin_token() {
unalias keystone unalias openstack
} }
#### utilities functions merged from devstack to check required parameter is not empty #### utilities functions merged from devstack to check required parameter is not empty
@ -113,31 +115,19 @@ get_id () {
get_data 1 id 2 "$@" get_data 1 id 2 "$@"
} }
get_column_num() {
local name=$1
shift
$@ | awk -F'|' "NR == 2 && /^|/ { for (i=2; i<NF; i++) if (\$i ~ \"^ *${name} *\$\") print (i - 1) }"
}
get_user() { get_user() {
local username=$1 local username=$1
# Output format of keystone user-list changed between essex and local user_id=$(get_data 2 $username 1 openstack user list)
# folsom - the columns have been re-ordered (!?), so detect what
# column to pass to get_data via get_column_num
namecol=$(get_column_num name keystone user-list)
die_if_not_set $LINENO namecol "Fail to get namecol for name by 'keystone user-list' "
local user_id=$(get_data $namecol $username 1 keystone user-list)
if [ -n "$user_id" ]; then if [ -n "$user_id" ]; then
echo "Found existing $username user" >&2 echo "Found existing $username user" >&2
echo $user_id echo $user_id
else else
echo "Creating $username user..." >&2 echo "Creating $username user..." >&2
get_id keystone user-create --name=$username \ get_id openstack user create $username \
--pass="$SERVICE_PASSWORD" \ --password="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \ --project $SERVICE_TENANT \
--email=$username@example.com --email=$username@example.com
fi fi
} }
@ -148,14 +138,8 @@ add_role() {
local role_id=$3 local role_id=$3
local username=$4 local username=$4
# The keystone argument format changed between essex and folsom user_roles=$(openstack user role list $user_id\
# so we use the fact that the folsom keystone version has a new --project $tenant 2>/dev/null)
# option "user-role-list" to detect we're on that newer version
# This also allows us to detect when the user already has the
# requested role_id, preventing an error on folsom
user_roles=$(keystone user-role-list \
--user_id $user_id\
--tenant_id $tenant 2>/dev/null)
if [ $? == 0 ]; then if [ $? == 0 ]; then
# Folsom # Folsom
existing_role=$(get_data 1 $role_id 1 echo "$user_roles") existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
@ -164,26 +148,21 @@ add_role() {
echo "User $username already has role $role_id" >&2 echo "User $username already has role $role_id" >&2
return return
fi fi
keystone user-role-add --tenant_id $tenant \ openstack role add --project $tenant \
--user_id $user_id \ --user $user_id \
--role_id $role_id $role_id
else
# Essex
keystone user-role-add --tenant_id $tenant \
--user $user_id \
--role $role_id
fi fi
} }
create_role() { create_role() {
local role_name=$1 local role_name=$1
role_id=$(get_data 2 $role_name 1 keystone role-list) role_id=$(get_data 2 $role_name 1 openstack role list)
if [ -n "$role_id" ] if [ -n "$role_id" ]
then then
echo "Role $role_name already exists : $role_id" >&2 echo "Role $role_name already exists : $role_id" >&2
else else
keystone role-create --name $role_name openstack role create $role_name
fi fi
} }
@ -191,36 +170,22 @@ get_endpoint() {
local service_type=$1 local service_type=$1
unset_admin_token unset_admin_token
keystone endpoint-get --service $service_type openstack endpoint show $service_type
set_admin_token set_admin_token
} }
delete_endpoint() { delete_endpoint() {
local service_type=$1 local service_type=$1
case $service_type in local endpoints=$(get_data 4 $service_type 1 openstack endpoint list)
volume) urlsuffix='\\\\$\\\\(tenant_id)s';;
orchestration) urlsuffix='%[(]tenant_id[)]s';;
# cloudformation has no hash suffix
*) urlsuffix=''
esac
local url=$(get_data 1 "${service_type}[.]publicURL" 2 \ for endpoint in $endpoints; do
get_endpoint $service_type 2>/dev/null | \ echo "Removing $service_type endpoint ${endpoint}..." >&2
sed -r "s/[a-f0-9]{32}/$urlsuffix/") openstack endpoint delete "$endpoint" >&2
done
if [ -n "$url" ]; then if [ -z "$endpoints" ]; then false; fi
local endpoints=$(get_data 3 $url 1 keystone endpoint-list)
for endpoint in $endpoints; do
echo "Removing $service_type endpoint ${endpoint}..." >&2
keystone endpoint-delete "$endpoint" >&2
done
if [ -z "$endpoints" ]; then false; fi
else
false
fi
} }
delete_all_endpoints() { delete_all_endpoints() {
@ -234,12 +199,12 @@ delete_service() {
delete_all_endpoints $service_type delete_all_endpoints $service_type
local service_ids=$(get_data 3 $service_type 1 keystone service-list) local service_ids=$(get_data 3 $service_type 1 openstack service list)
for service in $service_ids; do for service in $service_ids; do
local service_name=$(get_data 1 $service 2 keystone service-list) local service_name=$(get_data 1 $service 2 openstack service list)
echo "Removing $service_name:$service_type service..." >&2 echo "Removing $service_name:$service_type service..." >&2
keystone service-delete $service >&2 openstack service delete $service >&2
done done
} }
@ -250,35 +215,32 @@ get_service() {
delete_service $service_type delete_service $service_type
get_id keystone service-create --name=$service_name \ get_id openstack service create --name=$service_name \
--type=$service_type \ --description="$description" \
--description="$description" $service_type
} }
add_endpoint() { add_endpoint() {
local service_id=$1 local service_id=$1
local url="$2" local url="$2"
keystone endpoint-create --region RegionOne --service_id $service_id \ openstack endpoint create --region RegionOne --publicurl "$url" \
--publicurl "$url" --adminurl "$url" --internalurl "$url" >&2 --adminurl "$url" --internalurl "$url" $service_id >&2
} }
keystone_setup() { keystone_setup() {
# Make sure we can use keystone command without OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
# credential, because we need to use keystone endpoint-get command below, and the
# keystone endpoint-get command can not run correctly
# using OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT credential.
unset OS_SERVICE_TOKEN unset OS_SERVICE_TOKEN
unset OS_SERVICE_ENDPOINT unset OS_SERVICE_ENDPOINT
TENANT_ID=$(get_data 1 tenant_id 2 keystone token-get) TENANT_ID=$(get_data 1 project_id 2 openstack token issue)
die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'token-get' " die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'openstack token issue' "
set_admin_token set_admin_token
ADMIN_ROLE=$(get_data 2 admin 1 keystone role-list) ADMIN_ROLE=$(get_data 2 admin 1 openstack role list)
die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'keystone role-list' " die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'openstack role list' "
SERVICE_TENANT=$(get_data 2 service 1 keystone tenant-list) SERVICE_TENANT=$(get_data 2 service 1 openstack project list)
die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'keystone tenant-list' " die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'openstack project list' "
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD} SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD}
SERVICE_HOST=${SERVICE_HOST:-localhost} SERVICE_HOST=${SERVICE_HOST:-localhost}
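Review bot: With the Essex `else` branch removed, add_role now does nothing at all when `openstack user role list` fails: stderr is discarded by `2>/dev/null`, the `if [ $? == 0 ]` body is skipped, and the function falls through with a zero status without adding the role. Under the `set +e` at the top of the script, an authentication or connectivity error therefore leaves the user without the requested role and prints nothing to explain why. I would keep a failure branch, for example `else echo "Failed to list roles for $username" >&2; return 1`, and drop the stale `# Folsom` comment, which no longer distinguishes anything. add_role starts before this hunk, so the assignments of `$tenant` and `$user_id` are not visible here.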


@ -13,6 +13,8 @@ SYNOPSIS
DESCRIPTION DESCRIPTION
=========== ===========
Warning: This script is deprecated, please use other tool to setup keystone for heat.
The heat-keystone-setup tool configures keystone for use with heat. This script requires admin keystone credentials to be available in the shell environment and write access to /etc/keystone. The heat-keystone-setup tool configures keystone for use with heat. This script requires admin keystone credentials to be available in the shell environment and write access to /etc/keystone.
Distributions may provide other tools to setup keystone for use with Heat, so check the distro documentation first. Distributions may provide other tools to setup keystone for use with Heat, so check the distro documentation first.


@ -42,6 +42,7 @@ python-manilaclient>=1.3.0
python-mistralclient>=1.0.0 python-mistralclient>=1.0.0
python-neutronclient>=2.6.0 python-neutronclient>=2.6.0
python-novaclient!=2.33.0,>=2.29.0 python-novaclient!=2.33.0,>=2.29.0
python-openstackclient>=1.5.0
python-saharaclient>=0.10.0 python-saharaclient>=0.10.0
python-swiftclient>=2.2.0 python-swiftclient>=2.2.0
python-troveclient>=1.2.0 python-troveclient>=1.2.0