#!/usr/bin/env bash

# ``upgrade-keystone``
#
# Stops the running Keystone, installs and configures it from the target
# DevStack tree, migrates its database, applies two data work-arounds
# (bugs 1119789 and 1131087) and starts Keystone again.

# Announce the start of the run on stdout.
printf '%s\n' \
    "*********************************************************************" \
    "Begin $0" \
    "*********************************************************************"
# Signal handler: print an abort banner, then re-raise SIGINT against this
# shell so that any calling process sees the script was interrupted.
# Note that nothing is released here beyond reporting the abort.
cleanup() {
    # A failure inside the handler must not trigger errexit.
    set +o errexit

    printf '%s\n' \
        "*********************************************************************" \
        "ERROR: Abort $0" \
        "*********************************************************************"

    # Kill ourselves to signal any calling process: put SIGINT back to its
    # default disposition first so the signal is not caught again.
    trap - INT
    kill -INT "$$"
}
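# Run the abort handler when the script is hung up, interrupted or terminated.
trap cleanup SIGHUP SIGINT SIGTERM

# Keep track of the grenade directory.
# Both expansions are quoted so a checkout path containing spaces still works.
GRENADE_DIR=$(cd -- "$(dirname -- "$0")" && pwd)

# Import common functions
source "$GRENADE_DIR/functions"

# Determine what system we are running on.  This provides ``os_VENDOR``,
# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro

# Source params
source "$GRENADE_DIR/grenaderc"

# This script exits on an error so that errors don't compound and you see
# only the first error that occurred.
set -o errexit

# Print the commands being run so that we can see the command that triggers
# an error.  It is also useful for following along as the install occurs.
# NOTE(review): the trace shows fully expanded commands, so the mysql
# invocations later in this script, which pass -p$MYSQL_PASSWORD on the
# command line, write the database password into the trace output.  Handle
# the resulting log as sensitive.
set -o xtrace

# Set for DevStack compatibility
TOP_DIR=$TARGET_DEVSTACK_DIR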
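# Upgrade Keystone
# ================

# Kill a running Keystone
screen -S "$SCREEN_NAME" -p key -X kill

# Database connection defaults, used when the environment does not set them.
MYSQL_HOST=${MYSQL_HOST:-localhost}
MYSQL_USER=${MYSQL_USER:-root}

# Read BASE_SQL_CONN from the base DevStack's stackrc inside a subshell so its
# settings do not leak into this shell; fall back to a URL built from the
# values above.
# NOTE(review): the fallback URL embeds $MYSQL_PASSWORD, and with xtrace on
# the expanded echo appears in the trace output.
BASE_SQL_CONN=$(source "$BASE_DEVSTACK_DIR/stackrc"; echo "${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}")

# Duplicate some setup bits from target DevStack
cd "$TARGET_DEVSTACK_DIR"
source "$TARGET_DEVSTACK_DIR/stackrc"
DATA_DIR=${DEST}/data
SERVICE_HOST=${SERVICE_HOST:-localhost}
S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
source "$TARGET_DEVSTACK_DIR/lib/database"

# Get functions from current DevStack
source "$TARGET_DEVSTACK_DIR/lib/keystone"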
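# Save current config files for posterity (only on the first run; an existing
# copy is left untouched).
# NOTE(review): a Keystone config directory normally holds credentials such
# as the database connection string; -p keeps the source permissions, but
# confirm $SAVE_DIR itself is not readable by other users.
[[ -d "$SAVE_DIR/etc.keystone" ]] || cp -pr -- "$KEYSTONE_CONF_DIR" "$SAVE_DIR/etc.keystone"

# install_keystone()
install_keystoneclient
install_keystone

# configure_keystone()
configure_keystoneclient
configure_keystone

# Simulate init_keystone()
# Migrate the database
keystone-manage db_sync || die $LINENO "DB sync error"

# Set up certificates
keystone-manage pki_setup || die $LINENO "PKI setup error"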
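### Fix a missed upgrade bit
### Reported in bug 1119789

# First see if it is fixed yet.
# sed keeps only the second line of the mysql output, which with -E -N is
# expected to be the column value (line 1 being the row separator).
# NOTE(review): this section connects as root directly, while the helper
# functions further down use $MYSQL_USER; neither passes $MYSQL_HOST.
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list and in the xtrace output.
extra=$(mysql -uroot -p"$MYSQL_PASSWORD" keystone -E -N -e "select extra from role where name = \"admin\";" | sed -n '2{p;q}')
if [[ "$extra" == "NULL" ]]; then
    echo "1119789 not fixed???"
    # Table 'role' column 'extra' is varchar(64) when upgraded from folsom
    # and varchar(255) when created in trunk.  The upgraded value is NULL
    # while the trunk value is '{}'.  Oops!
    # NOTE(review): the comment above describes column 'extra', but the ALTER
    # statement below modifies column 'name' - confirm which was intended.
    mysql -uroot -p"$MYSQL_PASSWORD" keystone -e "alter table role modify name varchar(255);update role set extra = '{}' where extra is NULL;"
else
    echo "Skipping 1119789 work-around"
fi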
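### Roles are not correctly mapped in migration
### Reported in bug 1131087

# get_mysql_id <table> <name>
#
# Print the ``id`` of the row in the ``keystone`` database table <table>
# whose ``name`` column equals <name>.  Prints an empty line when the query
# yields no second output line.
#
# Globals:   MYSQL_USER, MYSQL_PASSWORD (read)
# Arguments: $1 - table name, $2 - value of the ``name`` column
# Outputs:   the second line of the mysql -E -N output on stdout
#
# Both arguments are interpolated into the SQL text without escaping, so
# callers must pass only fixed, trusted values.  The password travels on the
# command line and is therefore visible in the process list and in xtrace.
function get_mysql_id() {
    local table=$1
    local name=$2
    # The credentials and the command substitution are quoted so that a
    # password containing whitespace stays one argument and the query result
    # is not word-split or glob-expanded before it is printed.
    printf '%s\n' "$(mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" keystone -E -N -e "select id from $table where name = \"$name\";" | sed -n '2{p;q}')"
}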
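# get_mysql_roles <user-id>
#
# Print the ``data`` column of the ``user_project_metadata`` row in the
# ``keystone`` database whose ``user_id`` equals <user-id>.  Only the second
# line of the mysql -E -N output is printed, so at most one row is reported.
# Prints nothing when <user-id> is empty.
#
# Globals:   MYSQL_USER, MYSQL_PASSWORD (read)
# Arguments: $1 - user id
# Outputs:   the stored role data on stdout
#
# <user-id> is interpolated into the SQL text without escaping, so callers
# must pass only trusted values.  The password travels on the command line
# and is therefore visible in the process list and in xtrace.
function get_mysql_roles() {
    local user_id=$1
    if [[ -n "$user_id" ]]; then
        # Quoted on purpose: the stored value contains '[' and ']' and would
        # otherwise be subject to word splitting and pathname expansion,
        # which can change the text that callers compare against.
        printf '%s\n' "$(mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" keystone -E -N -e "select data from user_project_metadata where user_id = \"$user_id\";" | sed -n '2{p;q}')"
    fi
}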
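# First see if it is fixed yet
# This should be enough to get keystone started so we can use the API to clean up the rest
admin_id=$(get_mysql_id user admin)
# The work-around applies when the admin user's stored roles are exactly the
# single hard-coded role id below.
# NOTE(review): that id is presumably the ``_member_`` role which the API
# calls later in this script remove - confirm.
if [[ "$(get_mysql_roles "$admin_id")" == "{\"roles\": [\"9fe2ff9ee4384b1894a90878d3e92bab\"]}" ]]; then
    echo "1131087 not fixed yet?"
    WORK_AROUND_1131087=True

    # Get admin role
    role=$(get_mysql_id role admin)
    # Without the admin role id the update below would store an empty role
    # id for every service user, so stop instead of writing bad data.
    [[ -n "$role" ]] || die $LINENO "admin role id not found"

    # Add admin role where it is needed
    for user in admin cinder glance nova swift; do
        user_id=$(get_mysql_id user "$user")
        # An account that does not exist has no rows to update.
        [[ -n "$user_id" ]] || continue
        # Current role data for this user; fetched but not used below.
        data=$(get_mysql_roles "$user_id")
        # The \" sequences are kept literally so that they arrive as escaped
        # quotes inside the double-quoted SQL string.
        role_json='{\"roles\": [\"9fe2ff9ee4384b1894a90878d3e92bab\", \"'"${role}"'\"]}'
        # The WHERE clause filters on user_id only, so every
        # user_project_metadata row of this user receives the same data.
        mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" keystone -e "update user_project_metadata set data = \"${role_json}\" where user_id = '${user_id}';"
    done
else
    echo "Skipping 1131087 work-around"
fi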
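# Start Keystone
start_keystone

# WORK_AROUND_1131087 is set earlier in this script only when the database
# part of the 1131087 work-around was applied.
if [[ -n "$WORK_AROUND_1131087" ]]; then
    ### Continuation of 1131087 via API
    # NOTE(review): openrc presumably loads the admin credentials into the
    # environment; xtrace is still on here, so any assignments it performs
    # are echoed to the trace output - confirm and treat the log as sensitive.
    source "$TARGET_DEVSTACK_DIR/openrc" admin admin

    # Fix admin
    keystone user-role-remove --user admin --tenant admin --role _member_

    # Fix demo
    keystone user-role-remove --user demo --tenant demo --role _member_
    keystone user-role-add --user demo --tenant demo --role Member
    keystone user-role-add --user demo --tenant demo --role anotherrole

    # Fix javelin
    keystone user-role-remove --user javelin --tenant javelin --role _member_
    keystone user-role-add --user javelin --tenant javelin --role Member
fi

# Stop tracing before the closing banner.
set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End $0"
echo "*********************************************************************"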