diff --git a/deploy-guide/source/configure-openstack.rst b/deploy-guide/source/configure-openstack.rst index 6b0b83f..ca6f5de 100644 --- a/deploy-guide/source/configure-openstack.rst +++ b/deploy-guide/source/configure-openstack.rst @@ -32,27 +32,19 @@ Create the admin user environment To gain control of the cloud the Keystone administrator password and the root CA certificate are needed. This information can be most easily obtained by -using files created and maintained for this purpose. They can be found in the -`openstack-bundles`_ repository. +using a file that is created for this purpose - often called an "openrc" file. -Download the repository and source the ``openrc`` file: +Download the :download:`openrc ` file and store it in a safe place. + +When you want to use this file, source it. Assuming it's now in your home +directory: .. code-block:: none - git clone https://github.com/openstack-charmers/openstack-bundles ~/openstack-bundles - source ~/openstack-bundles/stable/openstack-base/openrc + source ~/openrc -.. note:: - - For informational purposes, sourcing the file will result in the execution - of these two commands (to obtain the CA certificate and password): - - .. code-block:: none - - juju exec -m openstack --unit vault/leader 'leader-get root-ca' - juju exec -m openstack --unit keystone/leader 'leader-get admin_passwd' - -The admin user environment should also now be set up. Verify this: +The admin user environment should now be set up. Verify this with the +:command:`env` command: .. code-block:: none @@ -416,6 +408,5 @@ As next steps, consider browsing these documentation sources: * `OpenStack Administrator Guides`_: upstream OpenStack administrative help .. LINKS -.. _openstack-bundles: https://github.com/openstack-charmers/openstack-bundles .. _Reserved IP range: https://maas.io/docs/concepts-and-terms#heading--ip-ranges .. _OpenStack Administrator Guides: http://docs.openstack.org/user-guide-admin/content diff --git a/deploy-guide/source/openrc b/deploy-guide/source/openrc new file mode 100644 index 0000000..21dee9a --- /dev/null +++ b/deploy-guide/source/openrc @@ -0,0 +1,50 @@ +# Navigate Juju 2.9/3.x +JUJU_VERSION=$(juju version | cut -c 1) + +if [ $JUJU_VERSION -eq 2 ]; then + RUN="run" +else + RUN="exec" +fi + +# Place the cloud's CA certificate in a file readable by the openstackclients snap +_snap_user_dir=~/snap/openstackclients/common +if [ ! -d $_snap_user_dir ]; then + mkdir $_snap_user_dir +fi +_root_ca=$_snap_user_dir/root-ca.crt +juju ${RUN} -u vault/leader -- 'leader-get root-ca' | tee $_root_ca >/dev/null 2>&1 + +# Find an IP address for Keystone +_keystone_vip=$(juju config keystone vip) +if [ -n "$_keystone_vip" ]; then + _keystone_ip=$(echo $_keystone_vip | awk '{print $1}') +else + _keystone_ip=$(juju ${RUN} -u keystone/leader -- 'network-get --bind-address public') +fi + +# Query for the Keystone admin password +_password=$(juju ${RUN} -u keystone/leader -- 'leader-get admin_passwd') + +# Unset possible undercloud environment variables +unset "${!OS_*}" + +# Set the OpenStack environment variables +export OS_AUTH_PROTOCOL=https +export OS_CACERT=${_root_ca} +export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://${_keystone_ip}:5000/v3 +export OS_USERNAME=admin +export OS_PASSWORD=${_password} +export OS_USER_DOMAIN_NAME=admin_domain +export OS_PROJECT_DOMAIN_NAME=admin_domain +export OS_PROJECT_NAME=admin +export OS_REGION_NAME=RegionOne +export OS_IDENTITY_API_VERSION=3 +# Swift needs this +export OS_AUTH_VERSION=3 +# Gnocchi needs this +export OS_AUTH_TYPE=password + +echo "To print the values to screen (including the admin password):" +echo +echo " env | grep OS_"