python-keystone: Initialized Identity Service

The identity.sh script creates all the users and other configurations for the openstack services. The openrc file contains some environment variables that are used by the openstack CLI commands. Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
author: Mihai Prica <prica.mihai@gmail.com> 2013-06-11 14:33:50 +0300
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2013-08-28 18:41:56 -0400
commit: c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24 (patch)
tree: 34c4d9d0d31fc4c516d37a28dac24395b5acce70 /meta-openstack/recipes-devtools/python/python-keystone
parent: 9edb63604d5ff6d32f5abc788acef07b015a4d59 (diff)
download: meta-cloud-services-c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24.tar.gz
3 files changed, 77 insertions, 1 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
new file mode 100644
index 0000000..78d5099
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+# Modify these variables as needed
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
+DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
+export OS_SERVICE_TOKEN="password"
+export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+#
+MYSQL_USER=keystone
+MYSQL_DATABASE=keystone
+MYSQL_HOST=localhost
+MYSQL_PASSWORD=password
+#
+KEYSTONE_REGION=RegionOne
+KEYSTONE_HOST=localhost
+# Shortcut function to get a newly generated ID
+function get_field() {
+    while read data; do
+        if [ "$1" -lt 0 ]; then
+            field="(\$(NF$1))"
+        else
+            field="\$$(($1 + 1))"
+        fi
+        echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
+    done
+}
+# Tenants
+ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
+DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
+SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
+# Users
+ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
+DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
+NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
+GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
+QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com | grep " id " | get_field 2)
+CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
+# Roles
+ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
+MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
+# Add Roles to Users in Tenants
+keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
+# Create services
+COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
+VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
+IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
+IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
+EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
+NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
+# Create endpoints
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
index c58f3d4..e25af40 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
@@ -1,6 +1,6 @@
 [DEFAULT]
 # A "shared secret" between keystone and other openstack services
-# admin_token = ADMIN
+admin_token=password
 # The IP address of the network interface to listen on
 # bind_host = 0.0.0.0
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/openrc b/meta-openstack/recipes-devtools/python/python-keystone/openrc
new file mode 100644
index 0000000..b189d0e
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/openrc
@@ -0,0 +1,6 @@
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=password
+export OS_AUTH_URL="http://localhost:5000/v2.0/"
+export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+export SERVICE_TOKEN=password
author	Mihai Prica <prica.mihai@gmail.com>	2013-06-11 14:33:50 +0300
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2013-08-28 18:41:56 -0400
commit	c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24 (patch)
tree	34c4d9d0d31fc4c516d37a28dac24395b5acce70 /meta-openstack/recipes-devtools/python/python-keystone
parent	9edb63604d5ff6d32f5abc788acef07b015a4d59 (diff)
download	meta-cloud-services-c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh new file mode 100644 index 0000000..78d5099 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -0,0 +1,70 @@
		1	#!/bin/bash
		2
		3	# Modify these variables as needed
		4	ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
		5	SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
		6	DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
		7	export OS_SERVICE_TOKEN="password"
		8	export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
		9	SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
		10	#
		11	MYSQL_USER=keystone
		12	MYSQL_DATABASE=keystone
		13	MYSQL_HOST=localhost
		14	MYSQL_PASSWORD=password
		15	#
		16	KEYSTONE_REGION=RegionOne
		17	KEYSTONE_HOST=localhost
		18
		19	# Shortcut function to get a newly generated ID
		20	function get_field() {
		21	while read data; do
		22	if [ "$1" -lt 0 ]; then
		23	field="(\$(NF$1))"
		24	else
		25	field="\$$(($1 + 1))"
		26	fi
		27	echo "$data" \| awk -F'[ \t]\\\|[ \t]' "{print $field}"
		28	done
		29	}
		30
		31	# Tenants
		32	ADMIN_TENANT=$(keystone tenant-create --name=admin \| grep " id " \| get_field 2)
		33	DEMO_TENANT=$(keystone tenant-create --name=demo \| grep " id " \| get_field 2)
		34	SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME \| grep " id " \| get_field 2)
		35
		36	# Users
		37	ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com \| grep " id " \| get_field 2)
		38	DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT \| grep " id " \| get_field 2)
		39	NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com \| grep " id " \| get_field 2)
		40	GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com \| grep " id " \| get_field 2)
		41	QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com \| grep " id " \| get_field 2)
		42	CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com \| grep " id " \| get_field 2)
		43
		44	# Roles
		45	ADMIN_ROLE=$(keystone role-create --name=admin \| grep " id " \| get_field 2)
		46	MEMBER_ROLE=$(keystone role-create --name=Member \| grep " id " \| get_field 2)
		47
		48	# Add Roles to Users in Tenants
		49	keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
		50	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
		51	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
		52	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
		53	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
		54	keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
		55
		56	# Create services
		57	COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' \| grep " id " \| get_field 2)
		58	VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' \| grep " id " \| get_field 2)
		59	IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' \| grep " id " \| get_field 2)
		60	IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' \| grep " id " \| get_field 2)
		61	EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' \| grep " id " \| get_field 2)
		62	NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' \| grep " id " \| get_field 2)
		63
		64	# Create endpoints
		65	keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
		66	keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
		67	keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
		68	keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
		69	keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
		70	keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf index c58f3d4..e25af40 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
@@ -1,6 +1,6 @@
1	[DEFAULT]	1	[DEFAULT]
2	# A "shared secret" between keystone and other openstack services	2	# A "shared secret" between keystone and other openstack services
3	# admin_token = ADMIN	3	admin_token=password
4		4
5	# The IP address of the network interface to listen on	5	# The IP address of the network interface to listen on
6	# bind_host = 0.0.0.0	6	# bind_host = 0.0.0.0


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/openrc b/meta-openstack/recipes-devtools/python/python-keystone/openrc new file mode 100644 index 0000000..b189d0e --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/openrc
@@ -0,0 +1,6 @@
		1	export OS_TENANT_NAME=admin
		2	export OS_USERNAME=admin
		3	export OS_PASSWORD=password
		4	export OS_AUTH_URL="http://localhost:5000/v2.0/"
		5	export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
		6	export SERVICE_TOKEN=password