Change most keystoneclient commands to openstacklient in libs
migrated most keystoneclient commands from the following libs:
ceilometer
cinder
ironic
keystone
marconi
neutron
nova
savanna
swift
trove
Also need to set and unset openstackclient specific environment
variables from stack.sh
Change-Id: I725f30bc08e1df5a4c5770576c19ad1ddaeb843a
diff --git a/lib/keystone b/lib/keystone
index 4f7f68b..bf0dcbb 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -275,60 +275,69 @@
create_keystone_accounts() {
# admin
- ADMIN_TENANT=$(keystone tenant-create \
- --name admin \
+ ADMIN_TENANT=$(openstack project create \
+ admin \
| grep " id " | get_field 2)
- ADMIN_USER=$(keystone user-create \
- --name admin \
- --pass "$ADMIN_PASSWORD" \
+ ADMIN_USER=$(openstack user create \
+ admin \
+ --project "$ADMIN_TENANT" \
--email admin@example.com \
+ --password "$ADMIN_PASSWORD" \
| grep " id " | get_field 2)
- ADMIN_ROLE=$(keystone role-create \
- --name admin \
+ ADMIN_ROLE=$(openstack role create \
+ admin \
| grep " id " | get_field 2)
- keystone user-role-add \
- --user-id $ADMIN_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $ADMIN_TENANT
+ openstack role add \
+ $ADMIN_ROLE \
+ --project $ADMIN_TENANT \
+ --user $ADMIN_USER
# service
- SERVICE_TENANT=$(keystone tenant-create \
- --name $SERVICE_TENANT_NAME \
+ SERVICE_TENANT=$(openstack project create \
+ $SERVICE_TENANT_NAME \
| grep " id " | get_field 2)
# The Member role is used by Horizon and Swift so we need to keep it:
- MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
+ MEMBER_ROLE=$(openstack role create \
+ Member \
+ | grep " id " | get_field 2)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
- ANOTHER_ROLE=$(keystone role-create --name=anotherrole | grep " id " | get_field 2)
+ ANOTHER_ROLE=$(openstack role create \
+ anotherrole \
+ | grep " id " | get_field 2)
# invisible tenant - admin can't see this one
- INVIS_TENANT=$(keystone tenant-create --name=invisible_to_admin | grep " id " | get_field 2)
+ INVIS_TENANT=$(openstack project create \
+ invisible_to_admin \
+ | grep " id " | get_field 2)
# demo
- DEMO_TENANT=$(keystone tenant-create \
- --name=demo \
+ DEMO_TENANT=$(openstack project create \
+ demo \
| grep " id " | get_field 2)
- DEMO_USER=$(keystone user-create \
- --name demo \
- --pass "$ADMIN_PASSWORD" \
+ DEMO_USER=$(openstack user create \
+ demo \
+ --project $DEMO_TENANT \
--email demo@example.com \
+ --password "$ADMIN_PASSWORD" \
| grep " id " | get_field 2)
- keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT
- keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
- keystone user-role-add --user-id $DEMO_USER --role-id $ANOTHER_ROLE --tenant-id $DEMO_TENANT
- keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
+
+ openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE
+ openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE
+ openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE
+ openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE
# Keystone
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- KEYSTONE_SERVICE=$(keystone service-create \
- --name keystone \
+ KEYSTONE_SERVICE=$(openstack service create \
+ keystone \
--type identity \
--description "Keystone Identity Service" \
| grep " id " | get_field 2)
- keystone endpoint-create \
+ openstack endpoint create \
+ $KEYSTONE_SERVICE \
--region RegionOne \
- --service_id $KEYSTONE_SERVICE \
--publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
--adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
--internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"