The following in-house jumbo patch constitutes the upstream changes in
Kilo for the following changesets
fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
82449dd550b4724fc90e1f2c16ae5f3237eebd25
e614b299408b65a6558888b1f4930a9b641f1920
6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
which address a number of issues with tools/sample_data.sh including
switching from the deprecated keystoneclient to the new openstackclient
commands.
commit fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
Author: phil-hopkins-a <phil.hopkins@rackspace.com>
Date: Thu May 28 15:34:57 2015 -0500
updates sample_data script to use the new openstack commands
Cleans up the sample_data script to replace the keystoneclient commands
with the new openstackclient commands
Change-Id: Id68ff2b466e582a0c2f4418d173f7d63c14f5f37
Closes-Bug: #1459816
commit 82449dd550b4724fc90e1f2c16ae5f3237eebd25
Author: Eric Brown <browne@vmware.com>
Date: Sun Jul 12 22:47:27 2015 -0700
Replace reference of ksc with osc
The leading comment in sample_data.sh still references the old
python-keystoneclient when its python-openstackclient that is
used to populate sample data.
This patch also makes a minor fix of the Swift service description.
TrivialFix
Change-Id: Ie4f5729dcc0b3a6164470d11ba91ddaaec0bb022
commit e614b299408b65a6558888b1f4930a9b641f1920
Author: Ghe Rivero <ghe.rivero@hp.com>
Date: Sat Aug 1 05:00:05 2015 +0200
Update exported variables for openstack client
When using openstack client to populate an initial keystone
deployment, instead of the former keystone client, the env.
variables needed are OS_TOKEN and OS_URL instead of the
previous OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
Change-Id: I79dcd56896945267cf1c8ff4378ffff63048e155
commit 6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
Author: Ghe Rivero <ghe.rivero@hp.com>
Date: Sat Aug 1 05:16:28 2015 +0200
Missing ADMIN_USER in sample_data.sh
When moving from keystone to openstack client, the initialization of
the ADMIN_USER variable was removed, making the script to fail.
Change-Id: Iee2d5b1cbed6c93e335a4b4dbad3034a2f8e29ed
commit 19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
Author: Ghe Rivero <ghe.rivero@hp.com>
Date: Sun Aug 2 17:57:37 2015 +0200
Create neutron service in sample_data.sh
With the addition of Neutron to the sample_data.sh script, all services
required by the compute starter kit tag [1] are created (plus swift and ec2
compatible credentials)
Change-Id: Iebc4f6b005e0466fe60691d964c7dea0e0eee947
--- keystone-2015.1.2/doc/source/developing.rst.~1~ 2015-10-13 10:18:02.000000000 -0700
+++ keystone-2015.1.2/doc/source/developing.rst 2016-02-05 23:16:41.873683648 -0800
@@ -75,6 +75,7 @@ place:
$ bin/keystone-manage db_sync
.. _`python-keystoneclient`: https://github.com/openstack/python-keystoneclient
+.. _`openstackclient`: https://git.openstack.org/cgit/openstack/python-openstackclient
If the above commands result in a ``KeyError``, or they fail on a
``.pyc`` file with the message, ``You can only have one Python script per
@@ -158,18 +159,24 @@ data for use with keystone:
.. code-block:: bash
- $ OS_SERVICE_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
+ $ OS_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
Notice it requires a service token read from an environment variable for
authentication. The default value "ADMIN" is from the ``admin_token``
option in the ``[DEFAULT]`` section in ``etc/keystone.conf``.
Once run, you can see the sample data that has been created by using the
-`python-keystoneclient`_ command-line interface:
+`openstackclient`_ command-line interface:
.. code-block:: bash
- $ tools/with_venv.sh keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0/ user-list
+ $ tools/with_venv.sh openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ user list
+
+The `openstackclient`_ can be installed using the following:
+
+.. code-block:: bash
+
+ $ tools/with_venv.sh pip install python-openstackclient
Filtering responsibilities between controllers and drivers
----------------------------------------------------------
--- keystone-2015.1.2/tools/sample_data.sh.~1~ 2015-10-13 10:18:02.000000000 -0700
+++ keystone-2015.1.2/tools/sample_data.sh 2016-02-05 23:16:41.875371581 -0800
@@ -14,14 +14,14 @@
# License for the specific language governing permissions and limitations
# under the License.
-# Sample initial data for Keystone using python-keystoneclient
+# Sample initial data for Keystone using python-openstackclient
#
# This script is based on the original DevStack keystone_data.sh script.
#
# It demonstrates how to bootstrap Keystone with an administrative user
-# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
-# and the administrative API. It will get the admin_token (OS_SERVICE_TOKEN)
-# and admin_port from keystone.conf if available.
+# using the OS_TOKEN and OS_URL environment variables and the administrative
+# API. It will get the admin_token (OS_TOKEN) and admin_port from
+# keystone.conf if available.
#
# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
# Use this with the Catalog Templated backend.
@@ -36,17 +36,25 @@
# service nova admin
# service ec2 admin
# service swift admin
+# service neutron admin
# By default, passwords used are those in the OpenStack Install and Deploy Manual.
# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
# environment variables. A common default password for all the services can be used by
# setting the "SERVICE_PASSWORD" environment variable.
+# Test to verify that the openstackclient is installed, if not exit
+type openstack >/dev/null 2>&1 || {
+ echo >&2 "openstackclient is not installed. Please install it to use this script. Aborting."
+ exit 1
+ }
+
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
+NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
@@ -79,14 +87,14 @@ if [[ -r "$KEYSTONE_CONF" ]]; then
fi
fi
-export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
-if [[ -z "$OS_SERVICE_TOKEN" ]]; then
+export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
+if [[ -z "$OS_TOKEN" ]]; then
echo "No service token found."
- echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
+ echo "Set OS_TOKEN manually from keystone.conf admin_token."
exit 1
fi
-export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
+export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
function get_id () {
echo `"$@" | grep ' id ' | awk '{print $4}'`
@@ -95,141 +103,160 @@ function get_id () {
#
# Default tenant
#
-DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
- --description "Default Tenant")
+openstack project create demo \
+ --description "Default Tenant"
-ADMIN_USER=$(get_id keystone user-create --name=admin \
- --pass="${ADMIN_PASSWORD}")
+openstack user create admin --project demo \
+ --password "${ADMIN_PASSWORD}"
-ADMIN_ROLE=$(get_id keystone role-create --name=admin)
+openstack role create admin
-keystone user-role-add --user-id $ADMIN_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $DEMO_TENANT
+openstack role add --user admin \
+ --project demo\
+ admin
#
# Service tenant
#
-SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
- --description "Service Tenant")
+openstack project create service \
+ --description "Service Tenant"
+
+openstack user create glance --project service\
+ --password "${GLANCE_PASSWORD}"
+
+openstack role add --user glance \
+ --project service \
+ admin
+
+openstack user create nova --project service\
+ --password "${NOVA_PASSWORD}"
+
+openstack role add --user nova \
+ --project service \
+ admin
+
+openstack user create ec2 --project service \
+ --password "${EC2_PASSWORD}"
+
+openstack role add --user ec2 \
+ --project service \
+ admin
-GLANCE_USER=$(get_id keystone user-create --name=glance \
- --pass="${GLANCE_PASSWORD}")
+openstack user create swift --project service \
+ --password "${SWIFT_PASSWORD}" \
-keystone user-role-add --user-id $GLANCE_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $SERVICE_TENANT
-
-NOVA_USER=$(get_id keystone user-create --name=nova \
- --pass="${NOVA_PASSWORD}" \
- --tenant-id $SERVICE_TENANT)
-
-keystone user-role-add --user-id $NOVA_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $SERVICE_TENANT
-
-EC2_USER=$(get_id keystone user-create --name=ec2 \
- --pass="${EC2_PASSWORD}" \
- --tenant-id $SERVICE_TENANT)
-
-keystone user-role-add --user-id $EC2_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $SERVICE_TENANT
-
-SWIFT_USER=$(get_id keystone user-create --name=swift \
- --pass="${SWIFT_PASSWORD}" \
- --tenant-id $SERVICE_TENANT)
-
-keystone user-role-add --user-id $SWIFT_USER \
- --role-id $ADMIN_ROLE \
- --tenant-id $SERVICE_TENANT
+openstack role add --user swift \
+ --project service \
+ admin
+
+openstack user create neutron --project service \
+ --password "${NEUTRON_PASSWORD}" \
+
+openstack role add --user neutron \
+ --project service \
+ admin
#
# Keystone service
#
-KEYSTONE_SERVICE=$(get_id \
-keystone service-create --name=keystone \
- --type=identity \
- --description="Keystone Identity Service")
+openstack service create --name keystone \
+ --description "Keystone Identity Service" \
+ identity
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
+ keystone
fi
#
# Nova service
#
-NOVA_SERVICE=$(get_id \
-keystone service-create --name=nova \
- --type=compute \
- --description="Nova Compute Service")
+openstack service create --name=nova \
+ --description="Nova Compute Service" \
+ compute
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
+ nova
fi
#
# Volume service
#
-VOLUME_SERVICE=$(get_id \
-keystone service-create --name=volume \
- --type=volume \
- --description="Nova Volume Service")
+openstack service create --name=volume \
+ --description="Cinder Volume Service" \
+ volume
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
+ volume
fi
#
# Image service
#
-GLANCE_SERVICE=$(get_id \
-keystone service-create --name=glance \
- --type=image \
- --description="Glance Image Service")
+openstack service create --name=glance \
+ --description="Glance Image Service" \
+ image
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
+ glance
fi
#
# EC2 service
#
-EC2_SERVICE=$(get_id \
-keystone service-create --name=ec2 \
- --type=ec2 \
- --description="EC2 Compatibility Layer")
+openstack service create --name=ec2 \
+ --description="EC2 Compatibility Layer" \
+ ec2
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
+ ec2
fi
#
# Swift service
#
-SWIFT_SERVICE=$(get_id \
-keystone service-create --name=swift \
- --type="object-store" \
- --description="Swift Service")
+openstack service create --name=swift \
+ --description="Swift Object Storage Service" \
+ object-store
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
+ openstack endpoint create --region RegionOne \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+ swift
+fi
+
+#
+# Neutron service
+#
+openstack service create --name=neutron \
+ --description="Neutron Network Service" \
+ network
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ openstack endpoint create --region RegionOne \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
+ neutron
fi
# create ec2 creds and parse the secret and access key returned
-RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
+ADMIN_USER=$(get_id openstack user show admin)
+RESULT=$(openstack ec2 credentials create --project service --user $ADMIN_USER)
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`