author | Mihai Prica <prica.mihai@gmail.com> | 2013-06-11 14:33:50 +0300 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-08-28 18:41:56 -0400 |
commit | c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24 (patch) | |
tree | 34c4d9d0d31fc4c516d37a28dac24395b5acce70 /meta-openstack/recipes-devtools/python/python-keystone | |
parent | 9edb63604d5ff6d32f5abc788acef07b015a4d59 (diff) | |
download | meta-cloud-services-c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24.tar.gz |
python-keystone: Initialized Identity Service
The identity.sh script creates all the users and other
configurations for the openstack services. The openrc
file contains some environment variables that are used
by the openstack CLI commands.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-keystone')
3 files changed, 77 insertions, 1 deletions
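diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
new file mode 100644
index 0000000..78d5099
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Modify these variables as needed
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
+DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
+export OS_SERVICE_TOKEN="password"
+export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+#
+MYSQL_USER=keystone
+MYSQL_DATABASE=keystone
+MYSQL_HOST=localhost
+MYSQL_PASSWORD=password
+#
+KEYSTONE_REGION=RegionOne
+KEYSTONE_HOST=localhost
+
+# Shortcut function to get a newly generated ID
+function get_field() {
+while read data; do
+if [ "$1" -lt 0 ]; then
+field="(\$(NF$1))"
+else
+field="\$$(($1 + 1))"
+fi
+echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
+done
+}
+
+# Tenants
+ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
+DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
+SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
+
+# Users
+ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
+DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
+NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
+GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
+QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com | grep " id " | get_field 2)
+CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
+
+# Roles
+ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
+MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
+
+# Add Roles to Users in Tenants
+keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
+
+# Create services
+COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
+VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
+IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
+IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
+EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
+NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
+
+# Create endpoints
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'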
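Review bot: Lines 4–7 of identity.sh provision the identity service with a publicly known credential: `ADMIN_PASSWORD` falls back to `password`, the service and demo passwords inherit it, and `OS_SERVICE_TOKEN` is a fixed literal with no environment override; the same literal is repeated as `admin_token=password` in keystone.conf and as `OS_PASSWORD`/`SERVICE_TOKEN` in openrc. An image built from this recipe and booted unchanged therefore has an admin account and an admin token that anyone can guess. I would make the script fail closed, e.g. `: "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"` and `export OS_SERVICE_TOKEN="${OS_SERVICE_TOKEN:?OS_SERVICE_TOKEN must be set}"`, and drop the `MYSQL_*` block on lines 11–14, which nothing in the script reads. The ID captures are also unchecked, so a failed `keystone ...-create` leaves an empty variable that is then passed unquoted to `user-role-add`; a `[ -n "$ADMIN_TENANT" ] || exit 1` style check after each capture would stop at the first failure.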
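diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
index c58f3d4..e25af40 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
@@ -1,6 +1,6 @@
 [DEFAULT]
 # A "shared secret" between keystone and other openstack services
-# admin_token = ADMIN
+admin_token=password
 
 # The IP address of the network interface to listen on
 # bind_host = 0.0.0.0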
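Review bot: Uncommenting `admin_token` on line 3 leaves the bootstrap token enabled in the shipped configuration for the lifetime of the service, although identity.sh appears to need it only until the `admin` user and role exist. The comment above it should say so, for example `# Bootstrap-only shared secret: set a random value at first boot and comment this out again once identity.sh has run`. If the recipe can substitute values at install time, a placeholder that the recipe fills in (say `admin_token=%ADMIN_TOKEN%`, a constructed name) would keep the literal out of the repository.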
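diff --git a/meta-openstack/recipes-devtools/python/python-keystone/openrc b/meta-openstack/recipes-devtools/python/python-keystone/openrc
new file mode 100644
index 0000000..b189d0e
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/openrc
@@ -0,0 +1,6 @@
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=password
+export OS_AUTH_URL="http://localhost:5000/v2.0/"
+export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+export SERVICE_TOKEN=password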
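Review bot: Lines 5–6 export `SERVICE_ENDPOINT` and `SERVICE_TOKEN` next to the `admin` user credentials, so every shell that sources openrc carries the bootstrap token in its environment. As far as I know the keystone client prefers a token/endpoint pair over username and password when both are present, which would make routine CLI calls bypass the `admin` user entirely; this is worth confirming against the packaged client version. I would drop the two lines from openrc, since identity.sh already exports its own `OS_SERVICE_TOKEN` and `OS_SERVICE_ENDPOINT`, and have the recipe install the file readable only by its owner because it holds `OS_PASSWORD`.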