Merge "Remove some keystone resource parsers"
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index ea2d52d..07b6b60 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -28,16 +28,6 @@
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
-function get_id () {
- echo `"$@" | awk '/ id / { print $4 }'`
-}
-
-# Lookups
-SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
-MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
-
-
# Roles
# -----
@@ -45,53 +35,52 @@
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf
-RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
+keystone role-create --name=ResellerAdmin
# Service role, so service users do not have to be admins
-SERVICE_ROLE=$(get_id keystone role-create --name=service)
+keystone role-create --name=service
# Services
# --------
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
- NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
keystone user-role-add \
- --tenant-id $SERVICE_TENANT \
- --user-id $NOVA_USER \
- --role-id $RESELLER_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --user nova \
+ --role ResellerAdmin
fi
# Heat
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
- HEAT_USER=$(get_id keystone user-create --name=heat \
+ keystone user-create --name=heat \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=heat@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $HEAT_USER \
- --role-id $SERVICE_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --email=heat@example.com
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user heat \
+ --role service
# heat_stack_user role is for users created by Heat
keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- HEAT_CFN_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=heat-cfn \
--type=cloudformation \
- --description="Heat CloudFormation Service")
+ --description="Heat CloudFormation Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $HEAT_CFN_SERVICE \
+ --service heat-cfn \
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
- HEAT_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=heat \
--type=orchestration \
- --description="Heat Service")
+ --description="Heat Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $HEAT_SERVICE \
+ --service heat \
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
@@ -100,23 +89,23 @@
# Glance
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
- GLANCE_USER=$(get_id keystone user-create \
+ keystone user-create \
--name=glance \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=glance@example.com)
+ --tenant $SERVICE_TENANT_NAME \
+ --email=glance@example.com
keystone user-role-add \
- --tenant-id $SERVICE_TENANT \
- --user-id $GLANCE_USER \
- --role-id $ADMIN_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --user glance \
+ --role admin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- GLANCE_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=glance \
--type=image \
- --description="Glance Image Service")
+ --description="Glance Image Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $GLANCE_SERVICE \
+ --service glance \
--publicurl "http://$SERVICE_HOST:9292" \
--adminurl "http://$SERVICE_HOST:9292" \
--internalurl "http://$SERVICE_HOST:9292"
@@ -125,25 +114,25 @@
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
- CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
+ keystone user-create --name=ceilometer \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=ceilometer@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $CEILOMETER_USER \
- --role-id $ADMIN_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --email=ceilometer@example.com
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user ceilometer \
+ --role admin
# Ceilometer needs ResellerAdmin role to access swift account stats.
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $CEILOMETER_USER \
- --role-id $RESELLER_ROLE
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user ceilometer \
+ --role ResellerAdmin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- CEILOMETER_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=ceilometer \
--type=metering \
- --description="Ceilometer Service")
+ --description="Ceilometer Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $CEILOMETER_SERVICE \
+ --service ceilometer \
--publicurl "http://$SERVICE_HOST:8777" \
--adminurl "http://$SERVICE_HOST:8777" \
--internalurl "http://$SERVICE_HOST:8777"
@@ -153,13 +142,13 @@
# EC2
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- EC2_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=ec2 \
--type=ec2 \
- --description="EC2 Compatibility Layer")
+ --description="EC2 Compatibility Layer"
keystone endpoint-create \
--region RegionOne \
- --service_id $EC2_SERVICE \
+ --service ec2 \
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
@@ -169,13 +158,13 @@
# S3
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- S3_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=s3 \
--type=s3 \
- --description="S3")
+ --description="S3"
keystone endpoint-create \
--region RegionOne \
- --service_id $S3_SERVICE \
+ --service s3 \
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
@@ -185,14 +174,14 @@
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
- ALT_DEMO_TENANT=$(get_id keystone tenant-create \
- --name=alt_demo)
- ALT_DEMO_USER=$(get_id keystone user-create \
+ keystone tenant-create \
+ --name=alt_demo
+ keystone user-create \
--name=alt_demo \
--pass="$ADMIN_PASSWORD" \
- --email=alt_demo@example.com)
+ --email=alt_demo@example.com
keystone user-role-add \
- --tenant-id $ALT_DEMO_TENANT \
- --user-id $ALT_DEMO_USER \
- --role-id $MEMBER_ROLE
+ --tenant alt_demo \
+ --user alt_demo \
+ --role Member
fi