Revert "Convert identity defaults to keystone v3 api"
This change have broke the Ironic tests. Reverting to unblock the Ironic
gate.
This reverts commit 4b115ad526df7e12bbdc71e0280b3c691e53ed04.
Closes-Bug: #1492216
Change-Id: I03acfdf47caf435cede1df08fd79b288a6662435
diff --git a/functions-common b/functions-common
index 473808b..446de53 100644
--- a/functions-common
+++ b/functions-common
@@ -690,13 +690,16 @@
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
+ local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id
domain_id=$(
# Gets domain id
- openstack domain show $1 \
+ openstack --os-token=$OS_TOKEN --os-url=$os_url \
+ --os-identity-api-version=3 domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
- openstack domain create $1 \
+ openstack --os-token=$OS_TOKEN --os-url=$os_url \
+ --os-identity-api-version=3 domain create $1 \
--description "$2" \
-f value -c id
)
@@ -707,11 +710,13 @@
# Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group {
local desc="${3:-}"
+ local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id
# Gets group id
group_id=$(
# Creates new group with --or-show
- openstack group create $1 \
+ openstack --os-token=$OS_TOKEN --os-url=$os_url \
+ --os-identity-api-version=3 group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -733,6 +738,8 @@
openstack user create \
$1 \
--password "$2" \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--domain=$3 \
$email \
--or-show \
@@ -747,7 +754,9 @@
local project_id
project_id=$(
# Creates new project with --or-show
- openstack project create $1 \
+ openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -761,6 +770,8 @@
role_id=$(
# Creates role with --or-show
openstack role create $1 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--or-show -f value -c id
)
echo $role_id
@@ -773,6 +784,8 @@
# Gets user role id
user_role_id=$(openstack role list \
--user $2 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--column "ID" \
--project $3 \
--column "Name" \
@@ -783,6 +796,8 @@
$1 \
--user $2 \
--project $3 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
| grep " id " | get_field 2)
fi
echo $user_role_id
@@ -794,15 +809,21 @@
local group_role_id
# Gets group role id
group_role_id=$(openstack role list \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--group $2 \
--project $3
group_role_id=$(openstack role list \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
@@ -820,6 +841,8 @@
openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
$2 \
--name $1 \
--description="$3" \
@@ -838,6 +861,8 @@
# gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--service $1 \
--interface $2 \
--region $4 \
@@ -845,6 +870,8 @@
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id)
fi
diff --git a/stack.sh b/stack.sh
index 093fef4..accfd0a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -989,15 +989,13 @@
start_keystone
fi
- export OS_IDENTITY_API_VERSION=3
-
# Set up a temporary admin URI for Keystone
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
+ SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
fi
# Setup OpenStackClient token-endpoint auth
@@ -1025,13 +1023,14 @@
# Begone token auth
unset OS_TOKEN OS_URL
+ # force set to use v2 identity authentication even with v3 commands
+ export OS_AUTH_TYPE=v2password
+
# Set up password auth credentials now that Keystone is bootstrapped
- export OS_AUTH_URL=$KEYSTONE_AUTH_URI
+ export OS_AUTH_URL=$SERVICE_ENDPOINT
+ export OS_TENANT_NAME=admin
export OS_USERNAME=admin
- export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD
- export OS_PROJECT_NAME=admin
- export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME
fi