c1fdbab4de
In order to enable and deploy federated Keystone, we need to use version 3 of the Keystone API and the v3 Keystone Client. This work begins that transition by having a set of backwards compatible library commands. Specifically, this commit updates the keystone library to use v3 Keystone Client and the usage of ensure_tenant in the os_keystone tasks to use the v3 admin url. In version 3 of Keystone's Endpoints (Catalog) API each endpoint only has one URL and has separate interface types (public, internal, admin). This change updates all uses of ensure_endpoint to structure the endpoint data in a better way for the ensure_endpoint command in the keystone module. As a result, some incidents where internalurl and adminurl were swapped have been fixed. Note: In new deployments the endpoints will be created using the v3 API and will therefore not be available via the v2 API. This will be a breaking change to legacy CLI clients. The openstack CLI should be used instead. DocImpact Related-Bug: #1470635 Partially-implements: blueprint keystone-federation Change-Id: I2cd4f505e850b4b113452abc25ee00d486b1637d
40 lines
1.3 KiB
Plaintext
40 lines
1.3 KiB
Plaintext
# Do not edit, changes will be overwritten
|
|
|
|
# COMMON CINDER ENVS
|
|
export CINDER_ENDPOINT_TYPE={{ openrc_cinder_endpoint_type }}
|
|
|
|
# COMMON NOVA ENVS
|
|
export NOVA_ENDPOINT_TYPE={{ openrc_nova_endpoint_type }}
|
|
|
|
# COMMON OPENSTACK ENVS
|
|
export OS_ENDPOINT_TYPE={{ openrc_os_endpoint_type }}
|
|
export OS_USERNAME={{ openrc_os_username }}
|
|
export OS_PASSWORD={{ openrc_os_password }}
|
|
export OS_PROJECT_NAME={{ openrc_os_tenant_name }}
|
|
# NOTE(sigmavirus24): The tenant name setting should be removed when
|
|
# python-cinderclient stops checking for it and failing if it doesn't exist.
|
|
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
|
|
export OS_AUTH_URL={{ openrc_os_auth_url }}
|
|
export OS_NO_CACHE=1
|
|
export OS_USER_DOMAIN_NAME={{ openrc_os_domain_name }}
|
|
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
|
|
|
|
# For openstackclient
|
|
{% if openrc_os_auth_url.endswith('v3') %}
|
|
export OS_IDENTITY_API_VERSION=3
|
|
{% else %}
|
|
export OS_IDENTITY_API_VERSION=2
|
|
{% endif %}
|
|
|
|
{% if openrc_insecure | bool %}
|
|
# Convenience Aliases for Self-Signed Certs
|
|
alias cinder='cinder --insecure'
|
|
alias glance='glance --insecure'
|
|
alias heat='heat --insecure'
|
|
alias keystone='keystone --insecure'
|
|
alias neutron='neutron --insecure'
|
|
alias nova='nova --insecure'
|
|
alias openstack='openstack --insecure'
|
|
alias swift='swift --insecure'
|
|
{% endif %}
|