diff --git a/admin-openrc b/admin-openrc old mode 100755 new mode 100644 index 6163f30..5d35277 --- a/admin-openrc +++ b/admin-openrc @@ -1,62 +1,32 @@ -#!/usr/bin/env bash -# To use an OpenStack cloud you need to authenticate against the Identity -# service named keystone, which returns a **Token** and **Service Catalog**. -# The catalog contains the endpoints for all services the user/tenant has -# access to - such as Compute, Image Service, Identity, Object Storage, -# Block Storage, and Networking (code-named nova, glance, keystone, swift, -# cinder, and neutron). -# -# *NOTE*: Using the 3 *Identity API* does not necessarily mean any other -# OpenStack API is version 3. For example, your cloud provider may -# implement Image API v1.1, Block Storage API v2, and Compute API v2.0. -# OS_AUTH_URL is only for the Identity API served through keystone. +# Unset any previous variables +unset $(printenv | awk 'BEGIN{FS="=";} /^OS_/ {print $1;}') -# Name of the model where you've deployed your openstack-base charm -juju_model=openstack-base - -# Let's get the IP of the keystone unit, so we can use it to auth -OS_AUTH_IP=$(juju status -m "$juju_model" --format json | jq -r '.applications[] | select(."charm-name" == "keystone").units."keystone/0"."public-address"') -export OS_AUTH_URL=http://${OS_AUTH_IP}:5000/v3 - -# With the addition of Keystone we have standardized on the term **project** -# as the entity that owns the resources. -export OS_PROJECT_NAME="admin" -export OS_USER_DOMAIN_NAME="admin_domain" - -# Extract MySQL password, for use in extracting PROJECT_ID and -# PROJECT_DOMAIN_ID below -mysql_cmd_prefix="mysql -ss -N -u root" -mysql_auth="$(juju run -m "$juju_model" --unit mysql/0 leader-get root-password)" - -# If the variable is empty, let's unset it vs. leaving it around with an -# empty value. -if [ -z "$OS_USER_DOMAIN_NAME" ]; then - unset OS_USER_DOMAIN_NAME; +keystone_addr=$(juju config keystone vip) +if [ -z "$keystone_addr" ]; then + keystone_addr=$(juju run --unit keystone/0 unit-get private-address) fi -# These are toothy, but we grab the OS_USER_DOMAIN_NAME from unit mysql/0, -# then use that as the key to the OS_PROJECT_ID field by querying the db -# again. The original method used 'juju ssh', which was a bit slow, so -# switched to using 'juju run' instead. -export OS_PROJECT_DOMAIN_ID=$(juju run -m "$juju_model" --unit mysql/0 MYSQL_PWD="$mysql_auth $mysql_cmd_prefix -e 'select id from project where name=\"$OS_USER_DOMAIN_NAME\";' keystone" | tr -d \\r) -export OS_PROJECT_ID=$(juju run -m "$juju_model" --unit mysql/0 MYSQL_PWD="$mysql_auth $mysql_cmd_prefix -e 'select id from project where domain_id=\"$OS_PROJECT_DOMAIN_ID\";' keystone" | tr -d \\r) - -# Unset potential empty variable -if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then - unset OS_PROJECT_DOMAIN_ID; +ssl_cert=$(juju config keystone ssl_cert) +if [ -n "$ssl_cert" ]; then + export OS_AUTH_PROTOCOL=https fi -export OS_USERNAME="admin" -export OS_PASSWORD=$(juju run -m "$juju_model" --unit keystone/0 leader-get admin_passwd) +export OS_USERNAME=admin +export OS_PASSWORD=$(juju run --unit keystone/0 leader-get admin_passwd) +export OS_PROJECT_NAME=admin +export OS_REGION_NAME=RegionOne -# If your configuration has multiple regions, we set that information here. -# OS_REGION_NAME is optional and only valid in certain environments. -export OS_REGION_NAME="RegionOne" - -# Unset potential empty variable -if [ -z "$OS_REGION_NAME" ]; then - unset OS_REGION_NAME; -fi - -export OS_INTERFACE=public +api_ver="$(juju config keystone preferred-api-version)" +rel="$(juju config keystone openstack-origin| sed -r 's/.+-(.+)/\1/g')" +rel="$(echo -e "$rel\nqueens"| sort | head -n 1)" +series=$(juju status keystone --format=json | jq -r '.machines[].series') +if [ "$api_ver" = "3" ] || [[ "${rel%%/*}" > "pike" ]] || \ + { [[ "$series" > "artful" ]] && [[ "$series" < "trusty" ]]; }; then +export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://${keystone_addr}:5000/v3 +export OS_PROJECT_DOMAIN_NAME=admin_domain +export OS_USER_DOMAIN_NAME=admin_domain export OS_IDENTITY_API_VERSION=3 +else +export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://${keystone_addr}:5000/v2.0 +fi +