Drop usage of keystoneclient
The keystoneclient CLI is now deprecated and will soon be removed. Use the openstack client instead. Change-Id: If0ff31c065140e26f9e5c3aeb7a93a71d3ac57cd
parent
e29dbd127f
commit
f0b96b082e
@ -68,8 +68,8 @@ if [ -z "$EMAIL" -o -z "$NAME" -o -z "$TENANT" -o -z "$USERCODE" -o -n "$EXTRA_A
|
||||
fi
|
||||
|
||||
echo "Checking for user $USERCODE"
|
||||
#TODO: fix after bug 1392035 in keystone client
|
||||
USER_ID=$(keystone user-list | awk '{print tolower($0)}' |grep " ${USERCODE,,} " |awk '{print$2}')
|
||||
#TODO: fix after bug 1392035 in the keystone client library
|
||||
USER_ID=$(openstack user list | awk '{print tolower($0)}' |grep " ${USERCODE,,} " |awk '{print$2}')
|
||||
if [ -z "$USER_ID" ]; then
|
||||
PASSWORD=''
|
||||
if [ -e os-asserted-users ]; then
|
||||
@ -79,24 +79,23 @@ if [ -z "$USER_ID" ]; then
|
||||
PASSWORD=$(os-make-password)
|
||||
echo "$USERCODE $PASSWORD" >> os-asserted-users
|
||||
fi
|
||||
USER_ID=$(keystone user-create --name=$USERCODE \
|
||||
--pass="$PASSWORD" \
|
||||
--email="$EMAIL" | awk '$2=="id" {print $4}')
|
||||
USER_ID=$(openstack user create --pass "$PASSWORD"
|
||||
--email "$EMAIL" $USERCODE | awk '$2=="id" {print $4}')
|
||||
fi
|
||||
#TODO: fix after bug 1392035 in keystone client
|
||||
TENANT_ID=$(keystone tenant-list | awk '{print tolower($0)}' |grep " ${TENANT,,} " |awk '{print$2}')
|
||||
#TODO: fix after bug 1392035 in the keystone client library
|
||||
TENANT_ID=$(openstack project list | awk '{print tolower($0)}' |grep " ${TENANT,,} " |awk '{print$2}')
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
TENANT_ID=$(keystone tenant-create --name=$TENANT | awk '$2=="id" {print $4}')
|
||||
TENANT_ID=$(openstack project create $TENANT | awk '$2=="id" {print $4}')
|
||||
fi
|
||||
if [ "$TENANT" = "admin" ]; then
|
||||
ROLE="admin"
|
||||
else
|
||||
ROLE="_member_"
|
||||
fi
|
||||
ROLE_ID=$(keystone role-get $ROLE | awk '$2=="id" {print $4}')
|
||||
if keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID | grep "${ROLE_ID}.*${ROLE}.*${USER_ID}" ; then
|
||||
ROLE_ID=$(openstack role show $ROLE | awk '$2=="id" {print $4}')
|
||||
if openstack user role list --project $TENANT_ID $USER_ID | grep "${ROLE_ID}.*${ROLE}.*${USER_ID}" ; then
|
||||
echo "User already has role '$ROLE'"
|
||||
else
|
||||
keystone user-role-add --user-id $USER_ID --role-id $ROLE_ID --tenant-id $TENANT_ID
|
||||
openstack role add --project $TENANT_ID --user $USER_ID $ROLE_ID
|
||||
fi
|
||||
echo "User $USERCODE configured."
|
||||
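Review bot: The new `USER_ID=$(openstack user create --pass "$PASSWORD"` line in the `@ -79,24` hunk has no trailing backslash as rendered here, so the following `--email "$EMAIL" $USERCODE | awk …` line would run as a separate command inside the substitution and USER_ID would come back empty; this may be an artefact of the page, so check the raw file. It also spells the option `--pass` where the other user-creation hunk in this commit uses `--password`; I would write `USER_ID=$(openstack user create --password "$PASSWORD" \` followed by `--email "$EMAIL" "$USERCODE" | awk '$2=="id" {print $4}')`. Nothing tests USER_ID or TENANT_ID for emptiness before `openstack role add --project $TENANT_ID --user $USER_ID $ROLE_ID`, so a failed create falls through to a role grant with missing arguments; a `[ -n "$USER_ID" ] || exit 1` guard after each create would stop that. The enclosing `if` blocks begin outside the hunks.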
|
@ -589,8 +589,8 @@ if [ "stack-create" = "$HEAT_OP" ]; then #nodocs
|
||||
-e admin@example.com -p $OVERCLOUD_ADMIN_PASSWORD \
|
||||
${SSLBASE:+-s $PUBLIC_API_URL} --no-pki-setup
|
||||
# Creating these roles to be used by tenants using swift
|
||||
keystone role-create --name=swiftoperator
|
||||
keystone role-create --name=ResellerAdmin
|
||||
openstack role create swiftoperator
|
||||
openstack role create ResellerAdmin
|
||||
setup-endpoints $OVERCLOUD_IP \
|
||||
--cinder-password $OVERCLOUD_CINDER_PASSWORD \
|
||||
--glance-password $OVERCLOUD_GLANCE_PASSWORD \
|
||||
@ -600,7 +600,7 @@ if [ "stack-create" = "$HEAT_OP" ]; then #nodocs
|
||||
--swift-password $OVERCLOUD_SWIFT_PASSWORD \
|
||||
--ceilometer-password $OVERCLOUD_CEILOMETER_PASSWORD \
|
||||
${SSLBASE:+--ssl $PUBLIC_API_URL}
|
||||
keystone role-create --name heat_stack_user
|
||||
openstack role create heat_stack_user
|
||||
user-config
|
||||
BM_NETWORK_GATEWAY=$(OS_CONFIG_FILES=$TE_DATAFILE os-apply-config --key baremetal-network.gateway-ip --type raw --key-default '192.0.2.1')
|
||||
OVERCLOUD_NAMESERVER=$(os-apply-config -m $TE_DATAFILE --key overcloud.nameserver --type netaddress --key-default "$OVERCLOUD_FIXED_RANGE_NAMESERVER")
|
||||
|
@ -305,10 +305,10 @@ ssh-keyscan -t rsa $BM_NETWORK_SEED_IP | tee -a ~/.ssh/known_hosts | grep -q "^$
|
||||
|
||||
init-keystone -o $BM_NETWORK_SEED_IP -t unset -e admin@example.com -p unset --no-pki-setup
|
||||
setup-endpoints $BM_NETWORK_SEED_IP --glance-password unset --heat-password unset --neutron-password unset --nova-password unset $IRONIC_OPT
|
||||
keystone role-create --name heat_stack_user
|
||||
openstack role create heat_stack_user
|
||||
# Creating these roles to be used by tenants using swift
|
||||
keystone role-create --name=swiftoperator
|
||||
keystone role-create --name=ResellerAdmin
|
||||
openstack role create swiftoperator
|
||||
openstack role create ResellerAdmin
|
||||
|
||||
echo "Waiting for nova to initialise..."
|
||||
wait_for -w 500 --delay 10 -- nova list
|
||||
@ -383,7 +383,7 @@ fi
|
||||
## allow unlimited cores, instances and ram.
|
||||
## ::
|
||||
|
||||
nova quota-update --cores -1 --instances -1 --ram -1 $(keystone tenant-get admin | awk '$2=="id" {print $4}')
|
||||
nova quota-update --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
|
||||
|
||||
|
||||
## #. Register "bare metal" nodes with nova and setup Nova baremetal flavors.
|
||||
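Review bot: The `nova quota-update` line in the `@ -383,7` hunk embeds `$(openstack project show admin | awk '$2=="id" {print $4}')` unquoted, so when the lookup fails or the table layout differs the substitution expands to nothing and the quota command runs without its tenant argument. Asking the client for the bare value avoids scraping the table: `ADMIN_PROJECT_ID=$(openstack project show admin -f value -c id)`, a non-empty check, then `nova quota-update --cores -1 --instances -1 --ram -1 "$ADMIN_PROJECT_ID"`. The same line appears in the `@ -460,7` hunk of the next file section.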
|
@ -381,8 +381,8 @@ init-keystone -o $UNDERCLOUD_CTL_IP -t $UNDERCLOUD_ADMIN_TOKEN \
|
||||
--public $UNDERCLOUD_IP --no-pki-setup
|
||||
|
||||
# Creating these roles to be used by tenants using swift
|
||||
keystone role-create --name=swiftoperator
|
||||
keystone role-create --name=ResellerAdmin
|
||||
openstack role create swiftoperator
|
||||
openstack role create ResellerAdmin
|
||||
|
||||
|
||||
# Create service endpoints and optionally include Ceilometer for UI support
|
||||
@ -398,7 +398,7 @@ fi
|
||||
|
||||
setup-endpoints $UNDERCLOUD_CTL_IP $ENDPOINT_LIST $REGISTER_SERVICE_OPTS \
|
||||
--public $UNDERCLOUD_IP
|
||||
keystone role-create --name heat_stack_user
|
||||
openstack role create heat_stack_user
|
||||
|
||||
user-config
|
||||
|
||||
@ -460,7 +460,7 @@ fi
|
||||
## allow unlimited cores, instances and ram.
|
||||
## ::
|
||||
|
||||
nova quota-update --cores -1 --instances -1 --ram -1 $(keystone tenant-get admin | awk '$2=="id" {print $4}')
|
||||
nova quota-update --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
|
||||
|
||||
## #. Register two baremetal nodes with your undercloud.
|
||||
## ::
|
||||
|
@ -68,43 +68,43 @@ fi
|
||||
|
||||
PASSWORD=${PASSWORD:-$(os-make-password)}
|
||||
|
||||
ADMIN_ROLE=$(keystone role-get admin| awk '$2=="id" {print $4}')
|
||||
ADMIN_ROLE=$(openstack role show admin| awk '$2=="id" {print $4}')
|
||||
if [ -z "$ADMIN_ROLE" ]; then
|
||||
echo "Could not find admin role" >&2
|
||||
exit 1
|
||||
fi
|
||||
MEMBER_ROLE=$(keystone role-get _member_| awk '$2=="id" {print $4}')
|
||||
MEMBER_ROLE=$(openstack role show _member_| awk '$2=="id" {print $4}')
|
||||
# Role _member_ is implicitly created by Keystone only while creating a new user
|
||||
# If no users were created, need to create a role explicitly
|
||||
if [ -z "$MEMBER_ROLE" ]; then
|
||||
MEMBER_ROLE=$(keystone role-create --name=_member_ | awk '$2=="id" {print $4}')
|
||||
MEMBER_ROLE=$(openstack role create _member_ | awk '$2=="id" {print $4}')
|
||||
echo "Created role _member_ with id ${MEMBER_ROLE}" >&2
|
||||
fi
|
||||
ADMIN_USER_ID=$(keystone user-get admin | awk '$2=="id" {print $4}')
|
||||
ADMIN_USER_ID=$(openstack user show admin | awk '$2=="id" {print $4}')
|
||||
if [ -z "$ADMIN_USER_ID" ]; then
|
||||
echo "Could not find admin user" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! keystone tenant-get $NAME 1>/dev/null 2>&1 ; then
|
||||
USER_TENANT_ID=$(keystone tenant-create --name=$NAME | awk '$2=="id" {print $4}')
|
||||
if ! openstack project show $NAME 1>/dev/null 2>&1 ; then
|
||||
USER_TENANT_ID=$(openstack project create $NAME | awk '$2=="id" {print $4}')
|
||||
if [ -z "$USER_TENANT_ID" ]; then
|
||||
echo "Failed to create tenant $NAME" >&2
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
USER_TENANT_ID=$(keystone tenant-get $NAME 2>/dev/null| awk '$2=="id" {print $4}')
|
||||
USER_TENANT_ID=$(openstack project show $NAME 2>/dev/null| awk '$2=="id" {print $4}')
|
||||
if [ -z "$USER_TENANT_ID" ]; then
|
||||
echo "Failed to retrieve existing tenant $NAME" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
USER_ID=$(keystone user-get $NAME | awk '$2=="id" {print $4}')
|
||||
USER_ID=$(openstack user show $NAME | awk '$2=="id" {print $4}')
|
||||
if [ -z "$USER_ID" ]; then
|
||||
USER_ID=$(keystone user-create --name=$NAME \
|
||||
--pass="$PASSWORD" \
|
||||
--email=$EMAIL | awk '$2=="id" {print $4}')
|
||||
USER_ID=$(openstack user create \
|
||||
--password "$PASSWORD" \
|
||||
--email $EMAIL $NAME | awk '$2=="id" {print $4}')
|
||||
if [ -z "$USER_ID" ]; then
|
||||
echo "Failed to create user $NAME" >&2
|
||||
exit 1
|
||||
@ -115,14 +115,14 @@ else
|
||||
echo "User $NAME with id $USER_ID already exists"
|
||||
fi
|
||||
|
||||
if keystone user-role-list --user-id $USER_ID --tenant-id $USER_TENANT_ID | grep -q "\s$MEMBER_ROLE\s"; then
|
||||
if openstack role list --user $USER_ID --project $USER_TENANT_ID | grep -q "\s$MEMBER_ROLE\s"; then
|
||||
echo "Role $MEMBER_ROLE is already granted for user $USER_ID with tenant $USER_TENANT_ID"
|
||||
else
|
||||
keystone user-role-add --user-id $USER_ID --role-id $MEMBER_ROLE --tenant-id $USER_TENANT_ID
|
||||
openstack role add --user $USER_ID --project $USER_TENANT_ID $MEMBER_ROLE
|
||||
fi
|
||||
|
||||
if keystone user-role-list --user-id $ADMIN_USER_ID --tenant-id $USER_TENANT_ID | grep -q "\s$ADMIN_ROLE\s"; then
|
||||
if openstack role list --user $ADMIN_USER_ID --project $USER_TENANT_ID | grep -q "\s$ADMIN_ROLE\s"; then
|
||||
echo "Role $ADMIN_ROLE is already granted for user $ADMIN_USER_ID with tenant $USER_TENANT_ID"
|
||||
else
|
||||
keystone user-role-add --user-id $ADMIN_USER_ID --role-id $ADMIN_ROLE --tenant-id $USER_TENANT_ID
|
||||
openstack role add --user $ADMIN_USER_ID --project $USER_TENANT_ID $ADMIN_ROLE
|
||||
fi
|
||||
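Review bot: The user and project name is now an unquoted bare positional in `openstack project create $NAME` and `--email $EMAIL $NAME`, where the old create calls bound it with `--name=`; a value starting with `-` is now read as an option, and one containing whitespace splits into extra arguments. Quote each expansion, e.g. `openstack project create "$NAME"` and `--email "$EMAIL" "$NAME" | awk '$2=="id" {print $4}')`, and do the same for the `project show` and `user show` lookups. Where NAME and EMAIL are assigned is outside the hunk; if they come from script arguments this applies to every caller-supplied value. The `$USER_ID`, `$USER_TENANT_ID` and role-id expansions passed to `openstack role add` in the `@ -115,14` hunk deserve the same quoting, since an empty id there shifts the remaining arguments.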
|
@ -138,7 +138,7 @@ if [ -z "$ADMIN_URL" ]; then
|
||||
ADMIN_URL="$INTERNAL_URL"
|
||||
fi
|
||||
|
||||
ADMIN_ROLE=$(keystone $DEBUG role-list | awk '/ admin / {print $2}')
|
||||
ADMIN_ROLE=$(openstack $DEBUG role list | awk '/ admin / {print $2}')
|
||||
if [ -z "$ADMIN_ROLE" ]; then
|
||||
echo "Could not find admin role" >&2
|
||||
exit 1
|
||||
@ -146,43 +146,43 @@ fi
|
||||
|
||||
# Some services don't need a user
|
||||
if [ "dashboard" != "$TYPE" ]; then
|
||||
SERVICE_TENANT=$(keystone $DEBUG tenant-list | awk '/ service / {print $2}')
|
||||
SERVICE_TENANT=$(openstack $DEBUG project list | awk '/ service / {print $2}')
|
||||
PASSWORD=${PASSWORD:-$(os-make-password)}
|
||||
|
||||
# Some services have multiple endpoints, the user doesn't need to be recreated
|
||||
USER_ID=$(keystone user-get $NAME | awk '$2=="id" { print $4 }')
|
||||
USER_ID=$(openstack $DEBUG user show $NAME | awk '$2=="id" { print $4 }')
|
||||
if [ -z "$USER_ID" ]; then
|
||||
USER_ID=$(keystone $DEBUG user-create --name=$NAME --pass=$PASSWORD --tenant-id $SERVICE_TENANT --email=nobody@example.com | awk ' / id / {print $4}')
|
||||
USER_ID=$(openstack $DEBUG user create --password $PASSWORD --project $SERVICE_TENANT --email=nobody@example.com $NAME | awk ' / id / {print $4}')
|
||||
fi
|
||||
if ! keystone user-role-list --tenant-id $SERVICE_TENANT --user-id $USER_ID | grep -q " $ADMIN_ROLE "; then
|
||||
if ! openstack role list --project $SERVICE_TENANT --user $USER_ID | grep -q " $ADMIN_ROLE "; then
|
||||
echo "Creating user-role assignment for user $NAME, role admin, tenant service"
|
||||
keystone user-role-add $DEBUG \
|
||||
--tenant-id $SERVICE_TENANT \
|
||||
--user-id $USER_ID \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add $DEBUG \
|
||||
--project $SERVICE_TENANT \
|
||||
--user $USER_ID \
|
||||
$ADMIN_ROLE
|
||||
fi
|
||||
#Add the admin tenant role for ceilometer user to enable polling services
|
||||
if [ "metering" == "$TYPE" ]; then
|
||||
ADMIN_TENANT=$(keystone $DEBUG tenant-list | awk '/ admin / {print $2}')
|
||||
if ! keystone user-role-list --tenant-id $ADMIN_TENANT --user-id $USER_ID | grep -q " $ADMIN_ROLE "; then
|
||||
ADMIN_TENANT=$(openstack $DEBUG project list | awk '/ admin / {print $2}')
|
||||
if ! openstack role list --project $ADMIN_TENANT --user $USER_ID | grep -q " $ADMIN_ROLE "; then
|
||||
echo "Creating user-role assignment for user $NAME, role admin, tenant admin"
|
||||
keystone user-role-add $DEBUG \
|
||||
--tenant-id $ADMIN_TENANT \
|
||||
--user-id $USER_ID \
|
||||
--role-id $ADMIN_ROLE
|
||||
openstack role add $DEBUG \
|
||||
--project $ADMIN_TENANT \
|
||||
--user $USER_ID \
|
||||
$ADMIN_ROLE
|
||||
#swift polling requires ResellerAdmin role to be added to the Ceilometer user
|
||||
RESELLER_ADMIN_ROLE=$(keystone $DEBUG role-list | awk '/ ResellerAdmin / {print $2}')
|
||||
keystone user-role-add $DEBUG \
|
||||
--tenant-id $ADMIN_TENANT \
|
||||
--user-id $USER_ID \
|
||||
--role-id $RESELLER_ADMIN_ROLE
|
||||
RESELLER_ADMIN_ROLE=$(openstack $DEBUG role list | awk '/ ResellerAdmin / {print $2}')
|
||||
openstack role add $DEBUG \
|
||||
--project $ADMIN_TENANT \
|
||||
--user $USER_ID \
|
||||
$RESELLER_ADMIN_ROLE
|
||||
fi
|
||||
fi
|
||||
|
||||
fi
|
||||
SERVICE_ID=$(keystone $DEBUG service-create --name=$NAME --type=$TYPE "$DESCRIPTION" | awk '/ id / {print $4}')
|
||||
keystone endpoint-create $DEBUG --region "$REGION" --service-id $SERVICE_ID \
|
||||
SERVICE_ID=$(openstack $DEBUG service create --name $NAME "$DESCRIPTION" $TYPE | awk '/ id / {print $4}')
|
||||
openstack endpoint create $DEBUG \
|
||||
--publicurl "${PUBLIC_URL}${SUFFIX}" \
|
||||
--adminurl "${ADMIN_URL}${ADMIN_SUFFIX}" \
|
||||
--internalurl "${INTERNAL_URL}${SUFFIX}"
|
||||
--internalurl "${INTERNAL_URL}${SUFFIX}" --region "$REGION" $SERVICE_ID
|
||||
echo "Service $TYPE created"
|
||||
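Review bot: `openstack $DEBUG user create --password $PASSWORD --project $SERVICE_TENANT …` in the `@ -146,43` hunk passes the service password unquoted and detached from its option, so a value beginning with `-` is now read as an option (the old `--pass=$PASSWORD` kept it bound) and whitespace still splits it; write `--password "$PASSWORD"`. The password is also on the command line, where it is visible in the process list while the client runs and in any `set -x` trace; whether `$DEBUG` output echoes it is not visible here and is worth checking. SERVICE_ID is not tested before `openstack endpoint create … $SERVICE_ID`, so a failed `service create` leads to an endpoint call with no service argument; a `[ -n "$SERVICE_ID" ] || exit 1` guard would catch it.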
|