Merge "Update dev docs and sample script for v3/bootstrap"

doc/source/developing.rst

@@ -198,18 +198,21 @@ data for use with keystone:
 
 .. code-block:: bash
 
-    $ OS_TOKEN=ADMIN tools/sample_data.sh
+    $ ADMIN_PASSWORD=s3cr3t tools/sample_data.sh
-
-Notice it requires a service token read from an environment variable for
-authentication.  The default value "ADMIN" is from the ``admin_token``
-option in the ``[DEFAULT]`` section in ``etc/keystone.conf``.
 
 Once run, you can see the sample data that has been created by using the
 `openstackclient`_ command-line interface:
 
 .. code-block:: bash
 
-    $ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ user list
+    $ export OS_USERNAME=admin
+    $ export OS_PASSWORD=s3cr3t
+    $ export OS_PROJECT_NAME=admin
+    $ export OS_USER_DOMAIN_ID=default
+    $ export OS_PROJECT_DOMAIN_ID=default
+    $ export OS_IDENTITY_API_VERSION=3
+    $ export OS_AUTH_URL=http://localhost:5000/v3
+    $ openstack user list
 
 The `openstackclient`_ can be installed using the following:
 

tools/sample_data.sh

@@ -19,9 +19,8 @@
 # This script is based on the original DevStack keystone_data.sh script.
 #
 # It demonstrates how to bootstrap Keystone with an administrative user
-# using the OS_TOKEN and OS_URL environment variables and the administrative
+# using the `keystone-manage bootstrap` command.  It will get the admin_port
-# API.  It will get the admin_token (OS_TOKEN) and admin_port from
+# from keystone.conf if available.
-# keystone.conf if available.
 #
 # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
 # Use this with the Catalog Templated backend.
@@ -75,11 +74,6 @@ fi
 
 # Extract some info from Keystone's configuration file
 if [[ -r "$KEYSTONE_CONF" ]]; then
-    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
-    if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
-        # default config options are commented out, so lets try those
-        CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_token= | cut -d'=' -f2)
-    fi
     CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
     if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
         # default config options are commented out, so lets try those
@@ -87,26 +81,24 @@ if [[ -r "$KEYSTONE_CONF" ]]; then
     fi
 fi
 
-export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
+export OS_USERNAME=admin
-if [[ -z "$OS_TOKEN" ]]; then
+export OS_PASSWORD=$ADMIN_PASSWORD
-    echo "No service token found."
+export OS_PROJECT_NAME=admin
-    echo "Set OS_TOKEN manually from keystone.conf admin_token."
+export OS_USER_DOMAIN_ID=default
-    exit 1
+export OS_PROJECT_DOMAIN_ID=default
-fi
+export OS_IDENTITY_API_VERSION=3
-
+export OS_AUTH_URL=http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v3
-export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
 
 function get_id () {
     echo `"$@" | grep ' id ' | awk '{print $4}'`
 }
 
-#
+export OS_BOOTSTRAP_PASSWORD=$ADMIN_PASSWORD
-# Roles
+export OS_BOOTSTRAP_REGION_ID=RegionOne
-#
+export OS_BOOTSTRAP_ADMIN_URL="http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v3"
-
+export OS_BOOTSTRAP_PUBLIC_URL="http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v3"
-openstack role create admin
+export OS_BOOTSTRAP_INTERNAL_URL="http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v3"
-
+keystone-manage bootstrap
-openstack role create service
 
 #
 # Default tenant
@@ -114,16 +106,11 @@ openstack role create service
 openstack project create demo \
                          --description "Default Tenant"
 
-openstack user create admin --project demo \
-                      --password "${ADMIN_PASSWORD}"
-
-openstack role add --user admin \
-                   --project demo\
-                   admin
-
 #
 # Service tenant
 #
+openstack role create service
+
 openstack project create service \
                   --description "Service Tenant"
 
@@ -162,20 +149,6 @@ openstack role add --user neutron \
                    --project service \
                    service
 
-#
-# Keystone service
-#
-openstack service create --name keystone \
-                         --description "Keystone Identity Service" \
-                         identity
-if [[ -z "$DISABLE_ENDPOINTS" ]]; then
-    openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
-        keystone
-fi
-
 #
 # Nova service
 #
@@ -184,10 +157,11 @@ openstack service create --name=nova \
                          compute
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
+        compute public "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s"
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
+    openstack endpoint create --region RegionOne \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
+        compute admin "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s"
-        nova
+    openstack endpoint create --region RegionOne \
+        compute internal "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
 fi
 
 #
@@ -198,10 +172,11 @@ openstack service create --name=volume \
                          volume
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
+        volume public "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s"
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
+    openstack endpoint create --region RegionOne \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
+        volume admin "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s"
-        volume
+    openstack endpoint create --region RegionOne \
+        volume internal "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
 fi
 
 #
@@ -212,10 +187,11 @@ openstack service create --name=glance \
                          image
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne  \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
+        image public "http://$CONTROLLER_PUBLIC_ADDRESS:9292"
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
+    openstack endpoint create --region RegionOne  \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
+        image admin "http://$CONTROLLER_ADMIN_ADDRESS:9292"
-        glance
+    openstack endpoint create --region RegionOne  \
+        image internal "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
 fi
 
 #
@@ -226,10 +202,11 @@ openstack service create --name=ec2 \
                          ec2
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
+        ec2 public "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud"
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
+    openstack endpoint create --region RegionOne \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
+        ec2 admin "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin"
-        ec2
+    openstack endpoint create --region RegionOne \
+        ec2 internal "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
 fi
 
 #
@@ -240,10 +217,11 @@ openstack service create --name=swift \
                          object-store
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne \
-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+        object-store public "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
+    openstack endpoint create --region RegionOne \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+        object-store admin "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1"
-        swift
+    openstack endpoint create --region RegionOne \
+        object-store internal "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
 fi
 
 #
@@ -254,10 +232,11 @@ openstack service create --name=neutron \
                          network
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
     openstack endpoint create --region RegionOne \
-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
+        network public "http://$CONTROLLER_PUBLIC_ADDRESS:9696"
-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
+    openstack endpoint create --region RegionOne \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
+        network admin "http://$CONTROLLER_ADMIN_ADDRESS:9696"
-        neutron
+    openstack endpoint create --region RegionOne \
+        network internal "http://$CONTROLLER_INTERNAL_ADDRESS:9696"
 fi
 
 # create ec2 creds and parse the secret and access key returned