Move default Keystone API version to v3

pauloewerton · pauloewerton · commit b162a1d58cde · 2016-01-26T14:27:02.000Z
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.

Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165
Partially-Implements: bp keystonev3
diff --git a/lib/glance b/lib/glance
@@ -205,7 +205,7 @@ function configure_glance {
     iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
     iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
-    iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
+    iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
     iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/heat b/lib/heat
@@ -167,7 +167,7 @@ function configure_heat {
     iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
 
     # ec2authtoken
-    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v3
 
     # OpenStack API
     iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
@@ -47,7 +47,7 @@ function configure_nova_hypervisor {
     # ironic section
     iniset $NOVA_CONF ironic admin_username admin
     iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
-    iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
+    iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3
     iniset $NOVA_CONF ironic admin_tenant_name demo
     iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
 }
diff --git a/lib/tempest b/lib/tempest
@@ -259,6 +259,7 @@ function configure_tempest {
     # Identity
     iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
     iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+    iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
     if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
         iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
         iniset $TEMPEST_CONFIG auth admin_password "$password"
@@ -269,10 +270,6 @@ function configure_tempest {
     if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
         # Only Identity v3 is available; then skip Identity API v2 tests
         iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
-        # In addition, use v3 auth tokens for running all Tempest tests
-        iniset $TEMPEST_CONFIG identity auth_version v3
-    else
-        iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
     fi
 
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
diff --git a/openrc b/openrc
@@ -77,15 +77,22 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
 KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
 
 # Identity API version
-export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
 
 # Authenticating against an OpenStack cloud using Keystone returns a **Token**
 # and **Service Catalog**.  The catalog contains the endpoints for all services
 # the user/tenant has access to - including nova, glance, keystone, swift, ...
-# We currently recommend using the 2.0 *identity api*.
+# We currently recommend using the version 3 *identity api*.
 #
 export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
 
+# Currently, in order to use openstackclient with Identity API v3,
+# we need to set the domain which the user and project belong to.
+if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
+    export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
+    export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
+fi
+
 # Set OS_CACERT to a default CA certificate chain if it exists.
 if [[ ! -v OS_CACERT ]] ; then
     DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
diff --git a/stackrc b/stackrc
@@ -130,7 +130,7 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
 fi
 
 # Configure Identity API version: 2.0, 3
-IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
 
 # Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
 # deployment will be deploying the Identity v2 pipelines. If this option is set
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
@@ -133,7 +133,7 @@ if [ -z "$OS_USERNAME" ]; then
 fi
 
 if [ -z "$OS_AUTH_URL" ]; then
-    export OS_AUTH_URL=http://localhost:5000/v2.0/
+    export OS_AUTH_URL=http://localhost:5000/v3/
 fi
 
 if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
@@ -236,7 +236,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key"
 export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
 export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
 export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
-export OS_AUTH_TYPE=v2password
+export OS_AUTH_TYPE=v3password
 EOF
     if [ -n "$ADDPASS" ]; then
         echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ function configure_nova_hypervisor {`
`47`	`47`	`# ironic section`
`48`	`48`	`iniset $NOVA_CONF ironic admin_username admin`
`49`	`49`	`iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD`
`50`		`- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0`
	`50`	`+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v3`
`51`	`51`	`iniset $NOVA_CONF ironic admin_tenant_name demo`
`52`	`52`	`iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1`
`53`	`53`	`}`