keystone/patches/launchpad-1459816+.patch

6033N/AThe following in-house jumbo patch constitutes the upstream changes in
6033N/AKilo for the following changesets
6033N/A
6033N/A    fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
6033N/A    82449dd550b4724fc90e1f2c16ae5f3237eebd25
6033N/A    e614b299408b65a6558888b1f4930a9b641f1920
6033N/A    6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
6033N/A    19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
6033N/A
6033N/Awhich address a number of issues with tools/sample_data.sh including
6033N/Aswitching from the deprecated keystoneclient to the new openstackclient
6033N/Acommands.
6033N/A
6033N/Acommit fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
6033N/AAuthor: phil-hopkins-a <phil.hopkins@rackspace.com>
6033N/ADate:   Thu May 28 15:34:57 2015 -0500
6033N/A
6033N/A    updates sample_data script to use the new openstack commands
6033N/A
6033N/A    Cleans up the sample_data script to replace the keystoneclient commands
6033N/A    with the new openstackclient commands
6033N/A
6033N/A    Change-Id: Id68ff2b466e582a0c2f4418d173f7d63c14f5f37
6033N/A    Closes-Bug: #1459816
6033N/A
6033N/Acommit 82449dd550b4724fc90e1f2c16ae5f3237eebd25
6033N/AAuthor: Eric Brown <browne@vmware.com>
6033N/ADate:   Sun Jul 12 22:47:27 2015 -0700
6033N/A
6033N/A    Replace reference of ksc with osc
6033N/A
6033N/A    The leading comment in sample_data.sh still references the old
6033N/A    python-keystoneclient when its python-openstackclient that is
6033N/A    used to populate sample data.
6033N/A
6033N/A    This patch also makes a minor fix of the Swift service description.
6033N/A
6033N/A    TrivialFix
6033N/A
6033N/A    Change-Id: Ie4f5729dcc0b3a6164470d11ba91ddaaec0bb022
6033N/A
6033N/Acommit e614b299408b65a6558888b1f4930a9b641f1920
6033N/AAuthor: Ghe Rivero <ghe.rivero@hp.com>
6033N/ADate:   Sat Aug 1 05:00:05 2015 +0200
6033N/A
6033N/A    Update exported variables for openstack client
6033N/A
6033N/A    When using openstack client to populate an initial keystone
6033N/A    deployment, instead of the former keystone client, the env.
6033N/A    variables needed are OS_TOKEN and OS_URL instead of the
6033N/A    previous OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
6033N/A
6033N/A    Change-Id: I79dcd56896945267cf1c8ff4378ffff63048e155
6033N/A
6033N/Acommit 6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
6033N/AAuthor: Ghe Rivero <ghe.rivero@hp.com>
6033N/ADate:   Sat Aug 1 05:16:28 2015 +0200
6033N/A
6033N/A    Missing ADMIN_USER in sample_data.sh
6033N/A
6033N/A    When moving from keystone to openstack client, the initialization of
6033N/A    the ADMIN_USER variable was removed, making the script to fail.
6033N/A
6033N/A    Change-Id: Iee2d5b1cbed6c93e335a4b4dbad3034a2f8e29ed
6033N/A
6033N/Acommit 19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
6033N/AAuthor: Ghe Rivero <ghe.rivero@hp.com>
6033N/ADate:   Sun Aug 2 17:57:37 2015 +0200
6033N/A
6033N/A    Create neutron service in sample_data.sh
6033N/A
6033N/A    With the addition of Neutron to the sample_data.sh script, all services
6033N/A    required by the compute starter kit tag [1] are created (plus swift and ec2
6033N/A    compatible credentials)
6033N/A
6033N/A    [1] http://governance.openstack.org/reference/tags/compute_starter_kit.html
6033N/A
6033N/A    Change-Id: Iebc4f6b005e0466fe60691d964c7dea0e0eee947
6033N/A
6033N/A--- keystone-2015.1.2/doc/source/developing.rst.~1~ 2015-10-13 10:18:02.000000000 -0700
6033N/A+++ keystone-2015.1.2/doc/source/developing.rst 2016-02-05 23:16:41.873683648 -0800
6033N/A@@ -75,6 +75,7 @@ place:
6033N/A     $ bin/keystone-manage db_sync
6033N/A
6033N/A .. _`python-keystoneclient`: https://github.com/openstack/python-keystoneclient
6033N/A+.. _`openstackclient`: https://git.openstack.org/cgit/openstack/python-openstackclient
6033N/A
6033N/A If the above commands result in a ``KeyError``, or they fail on a
6033N/A ``.pyc`` file with the message, ``You can only have one Python script per
6033N/A@@ -158,18 +159,24 @@ data for use with keystone:
6033N/A
6033N/A .. code-block:: bash
6033N/A
6033N/A-    $ OS_SERVICE_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
6033N/A+    $ OS_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
6033N/A
6033N/A Notice it requires a service token read from an environment variable for
6033N/A authentication.  The default value "ADMIN" is from the ``admin_token``
6033N/A option in the ``[DEFAULT]`` section in ``etc/keystone.conf``.
6033N/A
6033N/A Once run, you can see the sample data that has been created by using the
6033N/A-`python-keystoneclient`_ command-line interface:
6033N/A+`openstackclient`_ command-line interface:
6033N/A
6033N/A .. code-block:: bash
6033N/A
6033N/A-    $ tools/with_venv.sh keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0/ user-list
6033N/A+    $ tools/with_venv.sh openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ user list
6033N/A+
6033N/A+The `openstackclient`_ can be installed using the following:
6033N/A+
6033N/A+.. code-block:: bash
6033N/A+
6033N/A+    $ tools/with_venv.sh pip install python-openstackclient
6033N/A
6033N/A Filtering responsibilities between controllers and drivers
6033N/A ----------------------------------------------------------
6033N/A--- keystone-2015.1.2/tools/sample_data.sh.~1~  2015-10-13 10:18:02.000000000 -0700
6033N/A+++ keystone-2015.1.2/tools/sample_data.sh  2016-02-05 23:16:41.875371581 -0800
6033N/A@@ -14,14 +14,14 @@
6033N/A # License for the specific language governing permissions and limitations
6033N/A # under the License.
6033N/A
6033N/A-# Sample initial data for Keystone using python-keystoneclient
6033N/A+# Sample initial data for Keystone using python-openstackclient
6033N/A #
6033N/A # This script is based on the original DevStack keystone_data.sh script.
6033N/A #
6033N/A # It demonstrates how to bootstrap Keystone with an administrative user
6033N/A-# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
6033N/A-# and the administrative API.  It will get the admin_token (OS_SERVICE_TOKEN)
6033N/A-# and admin_port from keystone.conf if available.
6033N/A+# using the OS_TOKEN and OS_URL environment variables and the administrative
6033N/A+# API.  It will get the admin_token (OS_TOKEN) and admin_port from
6033N/A+# keystone.conf if available.
6033N/A #
6033N/A # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
6033N/A # Use this with the Catalog Templated backend.
6033N/A@@ -36,17 +36,25 @@
6033N/A # service              nova      admin
6033N/A # service              ec2       admin
6033N/A # service              swift     admin
6033N/A+# service              neutron   admin
6033N/A
6033N/A # By default, passwords used are those in the OpenStack Install and Deploy Manual.
6033N/A # One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
6033N/A # environment variables. A common default password for all the services can be used by
6033N/A # setting the "SERVICE_PASSWORD" environment variable.
6033N/A
6033N/A+# Test to verify that the openstackclient is installed, if not exit
6033N/A+type openstack >/dev/null 2>&1 || {
6033N/A+    echo >&2 "openstackclient is not installed. Please install it to use this script. Aborting."
6033N/A+    exit 1
6033N/A+    }
6033N/A+
6033N/A ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
6033N/A NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
6033N/A GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
6033N/A EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
6033N/A SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
6033N/A+NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
6033N/A
6033N/A CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
6033N/A CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
6033N/A@@ -79,14 +87,14 @@ if [[ -r "$KEYSTONE_CONF" ]]; then
6033N/A     fi
6033N/A fi
6033N/A
6033N/A-export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
6033N/A-if [[ -z "$OS_SERVICE_TOKEN" ]]; then
6033N/A+export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
6033N/A+if [[ -z "$OS_TOKEN" ]]; then
6033N/A     echo "No service token found."
6033N/A-    echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
6033N/A+    echo "Set OS_TOKEN manually from keystone.conf admin_token."
6033N/A     exit 1
6033N/A fi
6033N/A
6033N/A-export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
6033N/A+export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
6033N/A
6033N/A function get_id () {
6033N/A     echo `"$@" | grep ' id ' | awk '{print $4}'`
6033N/A@@ -95,141 +103,160 @@ function get_id () {
6033N/A #
6033N/A # Default tenant
6033N/A #
6033N/A-DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
6033N/A-                                            --description "Default Tenant")
6033N/A+openstack project create demo \
6033N/A+                         --description "Default Tenant"
6033N/A
6033N/A-ADMIN_USER=$(get_id keystone user-create --name=admin \
6033N/A-                                         --pass="${ADMIN_PASSWORD}")
6033N/A+openstack user create admin --project demo \
6033N/A+                      --password "${ADMIN_PASSWORD}"
6033N/A
6033N/A-ADMIN_ROLE=$(get_id keystone role-create --name=admin)
6033N/A+openstack role create admin
6033N/A
6033N/A-keystone user-role-add --user-id $ADMIN_USER \
6033N/A-                       --role-id $ADMIN_ROLE \
6033N/A-                       --tenant-id $DEMO_TENANT
6033N/A+openstack role add --user admin \
6033N/A+                   --project demo\
6033N/A+                   admin
6033N/A
6033N/A #
6033N/A # Service tenant
6033N/A #
6033N/A-SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
6033N/A-                                               --description "Service Tenant")
6033N/A+openstack project create service \
6033N/A+                  --description "Service Tenant"
6033N/A+
6033N/A+openstack user create glance --project service\
6033N/A+                      --password "${GLANCE_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user glance \
6033N/A+                   --project service \
6033N/A+                   admin
6033N/A+
6033N/A+openstack user create nova --project service\
6033N/A+                      --password "${NOVA_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user nova \
6033N/A+                   --project service \
6033N/A+                   admin
6033N/A+
6033N/A+openstack user create ec2 --project service \
6033N/A+                      --password "${EC2_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user ec2 \
6033N/A+                   --project service \
6033N/A+                   admin
6033N/A
6033N/A-GLANCE_USER=$(get_id keystone user-create --name=glance \
6033N/A-                                          --pass="${GLANCE_PASSWORD}")
6033N/A+openstack user create swift --project service \
6033N/A+                      --password "${SWIFT_PASSWORD}" \
6033N/A
6033N/A-keystone user-role-add --user-id $GLANCE_USER \
6033N/A-                       --role-id $ADMIN_ROLE \
6033N/A-                       --tenant-id $SERVICE_TENANT
6033N/A-
6033N/A-NOVA_USER=$(get_id keystone user-create --name=nova \
6033N/A-                                        --pass="${NOVA_PASSWORD}" \
6033N/A-                                        --tenant-id $SERVICE_TENANT)
6033N/A-
6033N/A-keystone user-role-add --user-id $NOVA_USER \
6033N/A-                       --role-id $ADMIN_ROLE \
6033N/A-                       --tenant-id $SERVICE_TENANT
6033N/A-
6033N/A-EC2_USER=$(get_id keystone user-create --name=ec2 \
6033N/A-                                       --pass="${EC2_PASSWORD}" \
6033N/A-                                       --tenant-id $SERVICE_TENANT)
6033N/A-
6033N/A-keystone user-role-add --user-id $EC2_USER \
6033N/A-                       --role-id $ADMIN_ROLE \
6033N/A-                       --tenant-id $SERVICE_TENANT
6033N/A-
6033N/A-SWIFT_USER=$(get_id keystone user-create --name=swift \
6033N/A-                                         --pass="${SWIFT_PASSWORD}" \
6033N/A-                                         --tenant-id $SERVICE_TENANT)
6033N/A-
6033N/A-keystone user-role-add --user-id $SWIFT_USER \
6033N/A-                       --role-id $ADMIN_ROLE \
6033N/A-                       --tenant-id $SERVICE_TENANT
6033N/A+openstack role add --user swift \
6033N/A+                   --project service \
6033N/A+                   admin
6033N/A+
6033N/A+openstack user create neutron --project service \
6033N/A+                      --password "${NEUTRON_PASSWORD}" \
6033N/A+
6033N/A+openstack role add --user neutron \
6033N/A+                   --project service \
6033N/A+                   admin
6033N/A
6033N/A #
6033N/A # Keystone service
6033N/A #
6033N/A-KEYSTONE_SERVICE=$(get_id \
6033N/A-keystone service-create --name=keystone \
6033N/A-                        --type=identity \
6033N/A-                        --description="Keystone Identity Service")
6033N/A+openstack service create --name keystone \
6033N/A+                         --description "Keystone Identity Service" \
6033N/A+                         identity
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
6033N/A         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
6033N/A+        keystone
6033N/A fi
6033N/A
6033N/A #
6033N/A # Nova service
6033N/A #
6033N/A-NOVA_SERVICE=$(get_id \
6033N/A-keystone service-create --name=nova \
6033N/A-                        --type=compute \
6033N/A-                        --description="Nova Compute Service")
6033N/A+openstack service create --name=nova \
6033N/A+                         --description="Nova Compute Service" \
6033N/A+                         compute
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A+        nova
6033N/A fi
6033N/A
6033N/A #
6033N/A # Volume service
6033N/A #
6033N/A-VOLUME_SERVICE=$(get_id \
6033N/A-keystone service-create --name=volume \
6033N/A-                        --type=volume \
6033N/A-                        --description="Nova Volume Service")
6033N/A+openstack service create --name=volume \
6033N/A+                         --description="Cinder Volume Service" \
6033N/A+                         volume
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A+        volume
6033N/A fi
6033N/A
6033N/A #
6033N/A # Image service
6033N/A #
6033N/A-GLANCE_SERVICE=$(get_id \
6033N/A-keystone service-create --name=glance \
6033N/A-                        --type=image \
6033N/A-                        --description="Glance Image Service")
6033N/A+openstack service create --name=glance \
6033N/A+                         --description="Glance Image Service" \
6033N/A+                         image
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne  \
6033N/A         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
6033N/A         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
6033N/A+        glance
6033N/A fi
6033N/A
6033N/A #
6033N/A # EC2 service
6033N/A #
6033N/A-EC2_SERVICE=$(get_id \
6033N/A-keystone service-create --name=ec2 \
6033N/A-                        --type=ec2 \
6033N/A-                        --description="EC2 Compatibility Layer")
6033N/A+openstack service create --name=ec2 \
6033N/A+                         --description="EC2 Compatibility Layer" \
6033N/A+                         ec2
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
6033N/A         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
6033N/A+        ec2
6033N/A fi
6033N/A
6033N/A #
6033N/A # Swift service
6033N/A #
6033N/A-SWIFT_SERVICE=$(get_id \
6033N/A-keystone service-create --name=swift \
6033N/A-                        --type="object-store" \
6033N/A-                        --description="Swift Service")
6033N/A+openstack service create --name=swift \
6033N/A+                         --description="Swift Object Storage Service" \
6033N/A+                         object-store
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A-    keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A         --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
6033N/A         --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
6033N/A+        swift
6033N/A+fi
6033N/A+
6033N/A+#
6033N/A+# Neutron service
6033N/A+#
6033N/A+openstack service create --name=neutron \
6033N/A+                         --description="Neutron Network Service" \
6033N/A+                         network
6033N/A+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A+        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
6033N/A+        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
6033N/A+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
6033N/A+        neutron
6033N/A fi
6033N/A
6033N/A # create ec2 creds and parse the secret and access key returned
6033N/A-RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
6033N/A+ADMIN_USER=$(get_id openstack user show admin)
6033N/A+RESULT=$(openstack ec2 credentials create --project service --user $ADMIN_USER)
6033N/A ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
6033N/A ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
6033N/A