Update dev docs and sample script for v3/bootstrap

The default value for the admin_token parameter was removed from the sample config file in ea952bd2, so the recommendation in the developer documentation to use it without first setting it will result in an error. This patch updates the developer documentation and the sample_data.sh script to use the Identity v3 API and to follow the latest recommendations for bootstrapping an admin user with which to insert sample data. Change-Id: I424ff6129d4ddcd63fb2bed4eabcbe910ab0153e
2016-03-09 15:00:42 -08:00 · 2016-03-09 15:00:42 -08:00 · f7983d4bdf
parent 913f81ddf1
commit f7983d4bdf
2 changed files with 56 additions and 74 deletions
--- a/doc/source/developing.rst
+++ b/doc/source/developing.rst
@ -198,18 +198,21 @@ data for use with keystone:

 .. code-block:: bash

-    $ OS_TOKEN=ADMIN tools/sample_data.sh
-
-Notice it requires a service token read from an environment variable for
-authentication.  The default value "ADMIN" is from the ``admin_token``
-option in the ``[DEFAULT]`` section in ``etc/keystone.conf``.
+    $ ADMIN_PASSWORD=s3cr3t tools/sample_data.sh

 Once run, you can see the sample data that has been created by using the
 `openstackclient`_ command-line interface:

 .. code-block:: bash

-    $ openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ user list
+    $ export OS_USERNAME=admin
+    $ export OS_PASSWORD=s3cr3t
+    $ export OS_PROJECT_NAME=admin
+    $ export OS_USER_DOMAIN_ID=default
+    $ export OS_PROJECT_DOMAIN_ID=default
+    $ export OS_IDENTITY_API_VERSION=3
+    $ export OS_AUTH_URL=http://localhost:5000/v3
+    $ openstack user list

 The `openstackclient`_ can be installed using the following:

--- a/tools/sample_data.sh
+++ b/tools/sample_data.sh
@ -19,9 +19,8 @@
 # This script is based on the original DevStack keystone_data.sh script.
 #
 # It demonstrates how to bootstrap Keystone with an administrative user
-# using the OS_TOKEN and OS_URL environment variables and the administrative
-# API.  It will get the admin_token (OS_TOKEN) and admin_port from
-# keystone.conf if available.
+# using the `keystone-manage bootstrap` command.  It will get the admin_port
+# from keystone.conf if available.
 #
 # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
 # Use this with the Catalog Templated backend.
@ -75,11 +74,6 @@ fi

 # Extract some info from Keystone's configuration file
 if [[ -r "$KEYSTONE_CONF" ]]; then
-    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
-    if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
-        # default config options are commented out, so lets try those
-        CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_token= | cut -d'=' -f2)
-    fi
    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
    if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
        # default config options are commented out, so lets try those
@ -87,26 +81,24 @@ if [[ -r "$KEYSTONE_CONF" ]]; then
    fi
 fi

-export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
-if [[ -z "$OS_TOKEN" ]]; then
-    echo "No service token found."
-    echo "Set OS_TOKEN manually from keystone.conf admin_token."
-    exit 1
-fi
-
-export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
+export OS_USERNAME=admin
+export OS_PASSWORD=$ADMIN_PASSWORD
+export OS_PROJECT_NAME=admin
+export OS_USER_DOMAIN_ID=default
+export OS_PROJECT_DOMAIN_ID=default
+export OS_IDENTITY_API_VERSION=3
+export OS_AUTH_URL=http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v3

 function get_id () {
    echo `"$@" | grep ' id ' | awk '{print $4}'`
 }

-#
-# Roles
-#
-
-openstack role create admin
-
-openstack role create service
+export OS_BOOTSTRAP_PASSWORD=$ADMIN_PASSWORD
+export OS_BOOTSTRAP_REGION_ID=RegionOne
+export OS_BOOTSTRAP_ADMIN_URL="http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v3"
+export OS_BOOTSTRAP_PUBLIC_URL="http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v3"
+export OS_BOOTSTRAP_INTERNAL_URL="http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v3"
+keystone-manage bootstrap

 #
 # Default tenant
@ -114,16 +106,11 @@ openstack role create service
 openstack project create demo \
                         --description "Default Tenant"

-openstack user create admin --project demo \
-                      --password "${ADMIN_PASSWORD}"
-
-openstack role add --user admin \
-                   --project demo\
-                   admin
-
 #
 # Service tenant
 #
+openstack role create service
+
 openstack project create service \
                  --description "Service Tenant"

@ -162,20 +149,6 @@ openstack role add --user neutron \
                   --project service \
                   service

-#
-# Keystone service
-#
-openstack service create --name keystone \
-                         --description "Keystone Identity Service" \
-                         identity
-if [[ -z "$DISABLE_ENDPOINTS" ]]; then
-    openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
-        keystone
-fi
-
 #
 # Nova service
 #
@ -184,10 +157,11 @@ openstack service create --name=nova \
                         compute
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
-        nova
+        compute public "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s"
+    openstack endpoint create --region RegionOne \
+        compute admin "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s"
+    openstack endpoint create --region RegionOne \
+        compute internal "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
 fi

 #
@ -198,10 +172,11 @@ openstack service create --name=volume \
                         volume
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
-        volume
+        volume public "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s"
+    openstack endpoint create --region RegionOne \
+        volume admin "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s"
+    openstack endpoint create --region RegionOne \
+        volume internal "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
 fi

 #
@ -212,10 +187,11 @@ openstack service create --name=glance \
                         image
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne  \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
-        glance
+        image public "http://$CONTROLLER_PUBLIC_ADDRESS:9292"
+    openstack endpoint create --region RegionOne  \
+        image admin "http://$CONTROLLER_ADMIN_ADDRESS:9292"
+    openstack endpoint create --region RegionOne  \
+        image internal "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
 fi

 #
@ -226,10 +202,11 @@ openstack service create --name=ec2 \
                         ec2
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne \
-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
-        ec2
+        ec2 public "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud"
+    openstack endpoint create --region RegionOne \
+        ec2 admin "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin"
+    openstack endpoint create --region RegionOne \
+        ec2 internal "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
 fi

 #
@ -240,10 +217,11 @@ openstack service create --name=swift \
                         object-store
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne \
-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
-        swift
+        object-store public "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
+    openstack endpoint create --region RegionOne \
+        object-store admin "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1"
+    openstack endpoint create --region RegionOne \
+        object-store internal "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
 fi

 #
@ -254,10 +232,11 @@ openstack service create --name=neutron \
                         network
 if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    openstack endpoint create --region RegionOne \
-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
-        neutron
+        network public "http://$CONTROLLER_PUBLIC_ADDRESS:9696"
+    openstack endpoint create --region RegionOne \
+        network admin "http://$CONTROLLER_ADMIN_ADDRESS:9696"
+    openstack endpoint create --region RegionOne \
+        network internal "http://$CONTROLLER_INTERNAL_ADDRESS:9696"
 fi

 # create ec2 creds and parse the secret and access key returned