Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
diff --git a/functions-common b/functions-common
index dea5aa9..6595c3d 100644
--- a/functions-common
+++ b/functions-common
@@ -47,7 +47,7 @@
# Save these variables to .stackenv
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
- KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
+ KEYSTONE_SERVICE_URI \
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
HOST_IPV6 SERVICE_IP_VERSION"
diff --git a/lib/glance b/lib/glance
index 4fa1b6a..6d252e3 100644
--- a/lib/glance
+++ b/lib/glance
@@ -208,8 +208,7 @@
if is_service_enabled tls-proxy; then
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
-
- iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI
fi
# Format logging
@@ -221,7 +220,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
diff --git a/lib/keystone b/lib/keystone
index 1910f34..d4c7b06 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -115,7 +115,7 @@
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
# V3 URIs
-KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
+KEYSTONE_AUTH_URI_V3=$KEYSTONE_SERVICE_URI/v3
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
# Security compliance
@@ -413,6 +413,7 @@
local section=${3:-keystone_authtoken}
iniset $conf_file $section auth_type password
+ iniset $conf_file $section interface public
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
@@ -561,7 +562,6 @@
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
-# - ``KEYSTONE_AUTH_URI``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index bb1536a..5e4251f 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -372,7 +372,7 @@
function create_nova_conf_neutron {
local conf=${1:-$NOVA_CONF}
iniset $conf neutron auth_type "password"
- iniset $conf neutron auth_url "$KEYSTONE_AUTH_URI"
+ iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
iniset $conf neutron username "$Q_ADMIN_USERNAME"
iniset $conf neutron password "$SERVICE_PASSWORD"
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index b147c43..bda6ef6 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -46,7 +46,7 @@
iniset $NOVA_CONF ironic auth_type password
iniset $NOVA_CONF ironic username admin
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI
iniset $NOVA_CONF ironic project_domain_id default
iniset $NOVA_CONF ironic user_domain_id default
iniset $NOVA_CONF ironic project_name demo
diff --git a/lib/swift b/lib/swift
index 3c121ca..a981dfc 100644
--- a/lib/swift
+++ b/lib/swift
@@ -527,7 +527,7 @@
else
iniset ${testfile} func_test auth_port 80
fi
- iniset ${testfile} func_test auth_uri ${KEYSTONE_AUTH_URI}
+ iniset ${testfile} func_test auth_uri ${KEYSTONE_SERVICE_URI}
if [[ "$auth_vers" == "3" ]]; then
iniset ${testfile} func_test auth_prefix /identity/v3/
else
diff --git a/openrc b/openrc
index 99d3351..beeaebe 100644
--- a/openrc
+++ b/openrc
@@ -87,9 +87,9 @@
# If you don't have a working .stackenv, this is the backup position
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
-export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_AUTH_URI}
+export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
# Currently, in order to use openstackclient with Identity API v3,
# we need to set the domain which the user and project belong to.
diff --git a/stack.sh b/stack.sh
index 709b97b..37e7518 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1053,7 +1053,7 @@
# Set up password auth credentials now that Keystone is bootstrapped
export OS_IDENTITY_API_VERSION=3
-export OS_AUTH_URL=$KEYSTONE_AUTH_URI
+export OS_AUTH_URL=$KEYSTONE_SERVICE_URI
export OS_USERNAME=admin
export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD