Move default Keystone API version to v3
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165
Partially-Implements: bp keystonev3
diff --git a/lib/glance b/lib/glance
index 0431bba..bf0643b 100644
--- a/lib/glance
+++ b/lib/glance
@@ -205,7 +205,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/heat b/lib/heat
index df44b76..3c3be79 100644
--- a/lib/heat
+++ b/lib/heat
@@ -167,7 +167,7 @@
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
# ec2authtoken
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3
# OpenStack API
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index c6ed85d..2aa9b12 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -47,7 +47,7 @@
# ironic section
iniset $NOVA_CONF ironic admin_username admin
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3
iniset $NOVA_CONF ironic admin_tenant_name demo
iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
}
diff --git a/lib/tempest b/lib/tempest
index 3c34aad..4a289fa 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -259,6 +259,7 @@
# Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+ iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
iniset $TEMPEST_CONFIG auth admin_password "$password"
@@ -269,10 +270,6 @@
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
# Only Identity v3 is available; then skip Identity API v2 tests
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
- # In addition, use v3 auth tokens for running all Tempest tests
- iniset $TEMPEST_CONFIG identity auth_version v3
- else
- iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
fi
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
diff --git a/openrc b/openrc
index 9bc0fd7..f81345f 100644
--- a/openrc
+++ b/openrc
@@ -77,15 +77,22 @@
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Identity API version
-export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/tenant has access to - including nova, glance, keystone, swift, ...
-# We currently recommend using the 2.0 *identity api*.
+# We currently recommend using the version 3 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
+# Currently, in order to use openstackclient with Identity API v3,
+# we need to set the domain which the user and project belong to.
+if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
+ export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
+ export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
+fi
+
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
diff --git a/stackrc b/stackrc
index 58146a4..903da80 100644
--- a/stackrc
+++ b/stackrc
@@ -130,7 +130,7 @@
fi
# Configure Identity API version: 2.0, 3
-IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
# deployment will be deploying the Identity v2 pipelines. If this option is set
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 74d5428..00a208c 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -133,7 +133,7 @@
fi
if [ -z "$OS_AUTH_URL" ]; then
- export OS_AUTH_URL=http://localhost:5000/v2.0/
+ export OS_AUTH_URL=http://localhost:5000/v3/
fi
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
@@ -236,7 +236,7 @@
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
-export OS_AUTH_TYPE=v2password
+export OS_AUTH_TYPE=v3password
EOF
if [ -n "$ADDPASS" ]; then
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"