Replace TENANT => PROJECT phase 1
This replaces the use of TENANT variables with PROJECT ones during the
initial setup. The openrc will still export a OS_TENANT_NAME because
many tools (cinderclient, glanceclient amoung them) will not function
without it. We warn when we do that.
Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e
diff --git a/lib/cinder b/lib/cinder
index e1e1f2a..6401f2d 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -351,7 +351,7 @@
# Set os_privileged_user credentials (used for os-assisted-snapshots)
iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
- iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
+ iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
}
diff --git a/lib/glance b/lib/glance
index c248611..4df2310 100644
--- a/lib/glance
+++ b/lib/glance
@@ -143,7 +143,7 @@
iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
- iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default
@@ -198,7 +198,7 @@
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
- iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
@@ -226,9 +226,9 @@
# Project User Roles
# ---------------------------------------------------------------------
-# SERVICE_TENANT_NAME glance service
-# SERVICE_TENANT_NAME glance-swift ResellerAdmin (if Swift is enabled)
-# SERVICE_TENANT_NAME glance-search search (if Search is enabled)
+# SERVICE_PROJECT_NAME glance service
+# SERVICE_PROJECT_NAME glance-swift ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME glance-search search (if Search is enabled)
function create_glance_accounts {
if is_service_enabled g-api; then
@@ -241,7 +241,7 @@
local glance_swift_user
glance_swift_user=$(get_or_create_user "glance-swift" \
"$SERVICE_PASSWORD" "default" "glance-swift@example.com")
- get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
+ get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_PROJECT_NAME
fi
get_or_create_service "glance" "image" "Glance Image Service"
diff --git a/lib/keystone b/lib/keystone
index 7d5fd41..e33081c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -108,7 +108,7 @@
# Bind hosts
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
# Set the tenant for service accounts in Keystone
-SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
# if we are running with SSL use https protocols
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
@@ -384,7 +384,7 @@
get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
- get_or_create_project "$SERVICE_TENANT_NAME" default
+ get_or_create_project "$SERVICE_PROJECT_NAME" default
# Service role, so service users do not have to be admins
get_or_create_role service
@@ -458,7 +458,7 @@
local user
user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
- get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
+ get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME"
}
# Configure the service to use the auth token middleware.
@@ -479,7 +479,7 @@
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
iniset $conf_file $section user_domain_id default
- iniset $conf_file $section project_name $SERVICE_TENANT_NAME
+ iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
iniset $conf_file $section project_domain_id default
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 539b9ff..ebf9825 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -483,7 +483,7 @@
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "Default"
- iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
+ iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME"
iniset $NOVA_CONF neutron project_domain_name "Default"
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
@@ -1169,7 +1169,7 @@
iniset $NEUTRON_CONF nova username nova
iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
iniset $NEUTRON_CONF nova user_domain_id default
- iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+ iniset $NEUTRON_CONF nova project_name $SERVICE_PROJECT_NAME
iniset $NEUTRON_CONF nova project_domain_id default
iniset $NEUTRON_CONF nova region_name $REGION_NAME
diff --git a/lib/nova b/lib/nova
index cce538d..fd458c5 100644
--- a/lib/nova
+++ b/lib/nova
@@ -404,8 +404,8 @@
#
# Project User Roles
# ------------------------------------------------------------------
-# SERVICE_TENANT_NAME nova admin
-# SERVICE_TENANT_NAME nova ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME nova admin
+# SERVICE_PROJECT_NAME nova ResellerAdmin (if Swift is enabled)
function create_nova_accounts {
# Nova
@@ -444,7 +444,7 @@
if is_service_enabled swift; then
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
- get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
+ get_or_add_user_project_role ResellerAdmin nova $SERVICE_PROJECT_NAME
fi
fi
diff --git a/lib/swift b/lib/swift
index 947d2ab..b6c3ca4 100644
--- a/lib/swift
+++ b/lib/swift
@@ -450,7 +450,7 @@
auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
cafile = ${SSL_BUNDLE_FILE}
admin_user = swift
-admin_tenant_name = ${SERVICE_TENANT_NAME}
+admin_tenant_name = ${SERVICE_PROJECT_NAME}
admin_password = ${SERVICE_PASSWORD}
[filter:swift3]
@@ -812,7 +812,7 @@
# note we are using swift credentials!
OS_USERNAME=swift \
OS_PASSWORD=$SERVICE_PASSWORD \
- OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
+ OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \
openstack object store account \
set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
}