Keystone: implement incremental/programatic user additions

Instead of creating tenant/user/role and service/endpoint for all openstack services in keystone postinstall, now each of the services creates keystone identities by itself in its own postinstall. The existing identity.sh has been re-written to be a utility that takes parameters, and the service postinstall calls identity.sh to create its own keystone identities. The identity.sh can also be used as a tool to manually create keystone identities at run time. Signed-off-by: Andy Ning <andy.ning@windriver.com>
author: Andy Ning <andy.ning@windriver.com> 2014-07-16 11:11:18 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-07-31 15:15:31 -0400
commit: 1d1bcd7da7e8606db6d2021a3413638267b96714 (patch)
tree: 3fc83fe9ac78522e0ae53aff6c707eab8ddf90b9 /meta-openstack/recipes-devtools/python
parent: dfcdedf2fa46a3dcbfd7d1af300deeae6b496eb7 (diff)
download: meta-cloud-services-1d1bcd7da7e8606db6d2021a3413638267b96714.tar.gz
1 files changed, 210 insertions, 190 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
index 40cc2b3..af99673 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
+++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -1,23 +1,20 @@
 #!/bin/bash
-# Modify these variables as needed
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
-SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
-DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
-export OS_SERVICE_TOKEN="password"
-export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
-SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
 #
-MYSQL_USER=keystone
+# Copyright (C) 2014 Wind River Systems, Inc.
-MYSQL_DATABASE=keystone
+#
-MYSQL_HOST=localhost
+# The identity.sh provides utilities for services to add tenant/role/users,
-MYSQL_PASSWORD=password
+# and service/endpoints into keystone database
 #
-KEYSTONE_REGION=RegionOne
-KEYSTONE_HOST=%CONTROLLER_IP%
+# Use shared secret for authentication before any user created.
+export OS_SERVICE_TOKEN="password"
+export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+declare -A PARAMS
 # Shortcut function to get a newly generated ID
-function get_field() {
+function get_field () {
    while read data; do
        if [ "$1" -lt 0 ]; then
            field="(\$(NF$1))"
@@ -28,179 +25,202 @@ function get_field() {
    done
 }
-# Tenants
+# Usage help
-keystone tenant-get admin
+help () {
-if [ $? -eq 1 ]; then
+    if [ $# -eq 0 ]; then
-    ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
+        echo "Usage: $0 <subcommand> ..."
-else
+        echo ""
-    ADMIN_TENANT=$(keystone tenant-get admin | grep " id " | get_field 2)
+        echo "Keystone CLI wrapper to create tenant/user/role, and service/endpoint."
-fi
+        echo "It uses the default tenant, user and password from environment variables"
-keystone tenant-get demo
+        echo "(OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD) to authenticate with keystone."
-if [ $? -eq 1 ]; then
+        echo ""
-    DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
+        echo "Positional arguments:"
-else
+        echo "  <subcommand>"
-    DEMO_TENANT=$(keystone tenant-get demo | grep " id " | get_field 2)
+        echo "    user-create"
-fi
+        echo "    service-create"
-keystone tenant-get alt_demo
+        echo ""
-if [ $? -eq 1 ]; then
+        echo "See \"identity.sh help COMMAND\" for help on a specific command."
-    ALT_DEMO_TENANT=$(keystone tenant-create --name=alt_demo | grep " id " | get_field 2)
+        exit 0
-else
+    fi
-    ALT_DEMO_TENANT=$(keystone tenant-get alt_demo | grep " id " | get_field 2)
-fi
+    case "$2" in
-keystone tenant-get $SERVICE_TENANT_NAME
+        service-create)
-if [ $? -eq 1 ]; then
+            echo "Usage: $0 $2 [--name=<name>] [--type=<type>] [--description=<description>] [--region=<region>] [--publicurl=<public url>] [--adminurl=<admin url>] [--internalurl=<internal url>]"
-    SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
+            echo ""
-else
+            echo "Create service and endpoint in keystone."
-    SERVICE_TENANT=$(keystone tenant-get $SERVICE_TENANT_NAME | grep " id " | get_field 2)
+            echo ""
-fi
+            echo "Arguments:"
+            echo "  --name=<name>"
-# Users
+            echo "                  The name of the service"
-keystone user-get admin
+            echo "  --type=<type>"
-if [ $? -eq 1 ]; then
+            echo "                  The type of the service"
-    ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
+            echo "  --description=<description>"
-else
+            echo "                  Description of the service"
-    ADMIN_USER=$(keystone user-get admin | grep " id " | get_field 2)
+            echo "  --region=<region>"
-fi
+            echo "                  The region of the service"
-keystone user-get demo
+            echo "  --publicurl=<public url>"
-if [ $? -eq 1 ]; then                                                                                                                           
+            echo "                  Public URL of the service endpoint"
-    DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
+            echo "  --adminurl=<admin url>"
-else
+            echo "                  Admin URL of the service endpoint"
-    DEMO_USER=$(keystone user-get demo | grep " id " | get_field 2)
+            echo "  --internalurl=<internal url>"
-fi
+            echo "                  Internal URL of the service endpoint"
-keystone user-get alt_demo
+            ;;
-if [ $? -eq 1 ]; then
+        user-create)
-    ALT_DEMO_USER=$(keystone user-create --name=alt_demo --pass="$DEMO_PASSWORD" --email=alt_demo@domain.com --tenant-id=$ALT_DEMO_TENANT | grep " id " | get_field 2)
+            echo "Usage: $0 $2 [--name=<name>] [--pass=<password>] [--tenant=<tenant>] [--role=<role>] [--email=<email>]"
-else
+            echo ""
-    ALT_DEMO_USER=$(keystone user-get alt_demo | grep " id " | get_field 2)
+            echo "Arguments:"
-fi
+            echo "  --name=<name>"
-keystone user-get nova
+            echo "                  The name of the user"
-if [ $? -eq 1 ]; then                                                                                                                           
+            echo "  --pass=<password>"
-    NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
+            echo "                  The password of the user"
-else
+            echo "  --tenant=<tenant>"
-    NOVA_USER=$(keystone user-get nova | grep " id " | get_field 2)
+            echo "                  The tenant of the user belongs to"
-fi
+            echo "  --role=<role>"
-keystone user-get glance
+            echo "                  The role of the user in the <tenant>"
-if [ $? -eq 1 ]; then                                                                                                                           
+            echo "  --email=<email>"
-    GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
+            echo "                  The email of the user"
-else
+            ;;
-    GLANCE_USER=$(keystone user-get glance | grep " id " | get_field 2)
+        *)
-fi
+            echo "Usage: $0 help <subcommand> ..."
-keystone user-get neutron
+            echo ""
-if [ $? -eq 1 ]; then                                                                                                                           
+            exit 0
-    NEUTRON_USER=$(keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=neutron@domain.com | grep " id " | get_field 2)
+            ;;
-else
+    esac
-    NEUTRON_USER=$(keystone user-get neutron | grep " id " | get_field 2)
+}
-fi
-keystone user-get cinder
+# Parse the command line parameters in an map
-if [ $? -eq 1 ]; then                                                                                                                           
+parse_param () {
-    CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
+    while [ $# -ne 0 ]; do
-else
+    param=$1
-    CINDER_USER=$(keystone user-get cinder | grep " id " | get_field 2)
+    shift
-fi
-keystone user-get ceilometer
+    key=`echo $param | cut -d '=' -f 1`
-if [ $? -eq 1 ]; then
+    key=`echo $key | tr -d '[-*2]'`
-    CEILOMETER_USER=$(keystone user-create --name=ceilometer --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=ceilometer@domain.com | grep " id " | get_field 2)
+    PARAMS[$key]=`echo $param | cut -d '=' -f 2`
-else
+    done
-    CEILOMETER_USER=$(keystone user-get ceilometer | grep " id " | get_field 2)
+}
-fi
-keystone user-get heat
+# Create tenant/role/user, and add user to the tenant as role
-if [ $? -eq 1 ]; then
+user-create () {
-    HEAT_USER=$(keystone user-create --name=heat --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=heat@domain.com | grep " id " | get_field 2)
+    # validation checking
-else
+    if [[ "$@" =~ ^--name=.*\ --pass=.*\ --tenant=.*\ --role=.*\ --email=.*$ ]]; then
-    HEAT_USER=$(keystone user-get heat | grep " id " | get_field 2)
+        params=`echo "$@" | sed -e 's%--name=\(.*\) --pass=\(.*\) --tenant=\(.*\) --role=\(.*\) --email=\(.*\)%--name=\1|--pass=\2|--tenant=\3|--role=\4|--email=\5%g'`
-fi
+    else
-keystone user-get swift
+        help
-if [ $? -eq 1 ]; then
+        exit 1
-    SWIFT_USER=$(keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=swift@domain.com | grep " id " | get_field 2)
+    fi
-else
-    SWIFT_USER=$(keystone user-get swift | grep " id " | get_field 2)
+    # parse the cmdline parameters
-fi
+    IFS="|"
-keystone user-get barbican
+    parse_param $params
-if [ $? -eq 1 ]; then                                                                                                                           
+    unset IFS
-    BARBICAN_USER=$(keystone user-create --name=barbican --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=barbican@domain.com | grep " id " | get_field 2)
-else
+    echo "Adding user in keystone ..."
-    BARBICAN_USER=$(keystone user-get barbican | grep " id " | get_field 2)
-fi
+    if [ "x${PARAMS["tenant"]}" != "x" ]; then
+        # check if tenant exist, create it if not
-# Roles
+        TENANT_ID=$(keystone tenant-get ${PARAMS["tenant"]} | grep " id " | get_field 2)
-keystone role-get admin
+        if [ "x$TENANT_ID" == "x" ]; then
-if [ $? -eq 1 ]; then
+            echo "Creating tenant ${PARAMS["tenant"]} in keystone ..."
-    ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
+            TENANT_ID=$(keystone tenant-create --name=${PARAMS["tenant"]} | grep " id " | get_field 2)
-else
+        fi
-    ADMIN_ROLE=$(keystone role-get admin | grep " id " | get_field 2)
+        echo "Tenant list:"
-fi
+        keystone tenant-list
-keystone role-get Member
+    fi
-if [ $? -eq 1 ]; then
-    MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
+    if [ "x${PARAMS["role"]}" != "x" ]; then
-else
+        # check if role exist, create it if not
-    MEMBER_ROLE=$(keystone role-get Member | grep " id " | get_field 2)
+        ROLE_ID=$(keystone role-get ${PARAMS["role"]} | grep " id " | get_field 2)
-fi
+        if [ "x$ROLE_ID" == "x" ]; then
-keystone role-get ResellerAdmin
+            echo "Creating role ${PARAMS["role"]} in keystone ..."
-if [ $? -eq 1 ]; then
+            ROLE_ID=$(keystone role-create --name=${PARAMS["role"]} | grep " id " | get_field 2)
-    RESELLER_ADMIN_ROLE=$(keystone role-create --name=ResellerAdmin | grep " id " | get_field 2)
+        fi
-else
+        echo "Role list:"
-    RESELLER_ADMIN_ROLE=$(keystone role-get ResellerAdmin | grep " id " | get_field 2)
+        keystone role-list
-fi
+    fi
-#  heat stack template user role
-keystone role-create --name heat_stack_user
+    if [ "x${PARAMS["name"]}" != "x" ]; then
+        # check if user exist, create it if not
-# Add Roles to Users in Tenants
+        USER_ID=$(keystone user-get ${PARAMS["name"]} | grep " id " | get_field 2)
-keystone user-role-list --user-id $ADMIN_USER --tenant-id $ADMIN_TENANT &> /dev/null
+        if [ "x$USER_ID" == "x" ]; then
-keystone user-role-add --tenant-id $ADMIN_TENANT --user-id $ADMIN_USER --role-id $ADMIN_ROLE
+            echo "Creating user ${PARAMS["name"]} in keystone ..."
-keystone user-role-add --tenant-id $DEMO_TENANT --user-id $ADMIN_USER --role-id $ADMIN_ROLE
+            USER_ID=$(keystone user-create --name=${PARAMS["name"]} --pass=${PARAMS["pass"]} --tenant-id $TENANT_ID --email=${PARAMS["email"]} | grep " id " | get_field 2)
+        fi
-keystone user-role-list --user-id $NOVA_USER --tenant-id $SERVICE_TENANT &> /dev/null
+        echo "User list:"
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
+        keystone user-list
+    fi
-keystone user-role-list --user-id $GLANCE_USER --tenant-id $SERVICE_TENANT &> /dev/null
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
+    if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ] && [ "x$ROLE_ID" != "x" ]; then
+        # add the user to the tenant as role
-keystone user-role-list --user-id $NEUTRON_USER --tenant-id $SERVICE_TENANT &> /dev/null
+        keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID | grep $ROLE_ID &> /dev/null
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE
+        if [ $? -eq 1 ]; then
+            echo "Adding user ${PARAMS["name"]} in tenant ${PARAMS["tenant"]} as ${PARAMS["role"]} ..."
-keystone user-role-list --user-id $CINDER_USER --tenant-id $SERVICE_TENANT &> /dev/null
+            keystone user-role-add --tenant-id $TENANT_ID --user-id $USER_ID --role-id $ROLE_ID
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
+        fi
+    fi
-keystone user-role-list --user-id $DEMO_USER --tenant-id $DEMO_TENANT &> /dev/null
-keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
+    if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ]; then
+        echo "User ${PARAMS["name"]} in Tenant ${PARAMS["tenant"]} role list:"
-keystone user-role-list --user-id $ALT_DEMO_USER --tenant-id $ALT_DEMO_TENANT &> /dev/null
+        keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID
-keystone user-role-add --tenant-id $ALT_DEMO_TENANT --user-id $ALT_DEMO_USER --role-id $MEMBER_ROLE
+    fi
+}
-keystone user-role-list --user-id $CEILOMETER_USER --tenant_id $SERVICE_TENANT &> /dev/null
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CEILOMETER_USER --role-id $ADMIN_ROLE
+# Create service and its endpoint
-keystone user-role-add --tenant_id $SERVICE_TENANT --user_id $CEILOMETER_USER --role-id $RESELLER_ADMIN_ROLE
+service-create () {
+    # validation checking
-keystone user-role-add --tenant_id $SERVICE_TENANT --user-id $HEAT_USER --role-id $ADMIN_ROLE
+    if [[ "$@" =~ ^--name=.*\ --type=.*\ --description=.*\ --region=.*\ --publicurl=.*\ --adminurl=.*\ --internalurl=.*$ ]]; then
+        params=`echo "$@" | sed -e 's%--name=\(.*\) --type=\(.*\) --description=\(.*\) --region=\(.*\) --publicurl=\(.*\) --adminurl=\(.*\) --internalurl=\(.*\)%--name=\1|--type=\2|--description=\3|--region=\4|--publicurl=\5|--adminurl=\6|--internalurl=\7%g'`
-keystone user-role-list --user-id $SWIFT_USER --tenant_id $SERVICE_TENANT &> /dev/null
+    else
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE
+        help
+        exit 1
-keystone user-role-list --user-id $BARBICAN_USER --tenant_id $SERVICE_TENANT &> /dev/null
+    fi
-keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $BARBICAN_USER --role-id $ADMIN_ROLE
+    # parse the cmdline parameters
-# Create services
+    IFS=$"|"
-COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
+    parse_param $params
-VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
+    unset IFS
-IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
-IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
+    echo "Creating service in keystone ..."
-EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
-NETWORK_SERVICE=$(keystone service-create --name neutron --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
+    if [ "x${PARAMS["name"]}" != "x" ]; then
-METERING_SERVICE=$(keystone service-create --name ceilometer --type=metering --description='OpenStack Metering Service' | grep " id " | get_field 2)
+        # check if service already created, create it if not
-ORCHESTRATION_SERVICE=$(keystone service-create --name heat --type=orchestration --description='OpenStack Orchestration Service' | grep " id " | get_field 2)
+        SERVICE_ID=$(keystone service-get ${PARAMS["name"]} | grep " id " | get_field 2)
-CLOUDFORMATION_SERVICE=$(keystone service-create --name heat-cfn --type=cloudformation --description='OpenStack Cloudformation Service' | grep " id " | get_field 2)
+        if [ "x$SERVICE_ID" == "x" ]; then
-SWIFT_SERVICE=$(keystone service-create --name swift --type=object-store --description='OpenStack object-store' | grep " id " | get_field 2)
+            echo "Adding service ${PARAMS["name"]} in keystone ..."
-BARBICAN_SERVICE=$(keystone service-create --name barbican --type=keystore --description='Barbican Key Management Service' | grep " id " | get_field 2)
+            SERVICE_ID=$(keystone service-create --name ${PARAMS["name"]} --type ${PARAMS["type"]} --description "${PARAMS["description"]}" | grep " id " | get_field 2)
+        fi
-# Create endpoints
+        echo "Service list:"
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
+        keystone service-list
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
+    fi
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
+    if [ "x$SERVICE_ID" != "x" ]; then
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
+        # create its endpoint
-keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'
+        keystone endpoint-list | grep $SERVICE_ID | grep ${PARAMS["region"]} | grep ${PARAMS["publicurl"]} | grep ${PARAMS["adminurl"]} | grep ${PARAMS["internalurl"]}
-keystone endpoint-create --region $KEYSTONE_REGION --service_id $METERING_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8777/' --adminurl 'http://'"$KEYSTONE_HOST"':8777/' --internalurl 'http://'"$KEYSTONE_HOST"':8777/'
+        if [ $? -eq 1 ]; then
-keystone endpoint-create --region $KEYSTONE_REGION --service_id $ORCHESTRATION_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s'
+            echo "Creating endpoint for ${PARAMS["name"]} in keystone ..."
-keystone endpoint-create --region $KEYSTONE_REGION --service_id $CLOUDFORMATION_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8000/v1' --adminurl 'http://'"$KEYSTONE_HOST"':8000/v1' --internalurl 'http://'"$KEYSTONE_HOST"':8000/v1'
+            keystone endpoint-create --region ${PARAMS["region"]} --service-id $SERVICE_ID --publicurl ${PARAMS["publicurl"]} --adminurl ${PARAMS["adminurl"]} --internalurl ${PARAMS["internalurl"]}
-keystone endpoint-create --region $KEYSTONE_REGION --service_id $SWIFT_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8888/v1/AUTH_%(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8888/v1' --internalurl 'http://'"$KEYSTONE_HOST"':8888/v1/AUTH_%(tenant_id)s'
+        fi
-keystone endpoint-create --region $KEYSTONE_REGION --service_id $BARBICAN_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9311/v1' --adminurl 'http://'"$KEYSTONE_HOST"':9312/v1' --internalurl 'http://'"$KEYSTONE_HOST"':9313/v1'
+        echo "Endpoints list:"
+        keystone endpoint-list
+    fi
+}
+case "$1" in
+    service-create)
+        shift
+        service-create $@
+        ;;
+    user-create)
+        shift
+        user-create $@
+        ;;
+    help)
+        help $@
+        ;;
+    *)
+        help
+        exit 0
+        ;;
+esac
+exit 0
author	Andy Ning <andy.ning@windriver.com>	2014-07-16 11:11:18 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-07-31 15:15:31 -0400
commit	1d1bcd7da7e8606db6d2021a3413638267b96714 (patch)
tree	3fc83fe9ac78522e0ae53aff6c707eab8ddf90b9 /meta-openstack/recipes-devtools/python
parent	dfcdedf2fa46a3dcbfd7d1af300deeae6b496eb7 (diff)
download	meta-cloud-services-1d1bcd7da7e8606db6d2021a3413638267b96714.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh index 40cc2b3..af99673 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh +++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -1,23 +1,20 @@
1	#!/bin/bash	1	#!/bin/bash
2		2
3	# Modify these variables as needed
4	ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
5	SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
6	DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
7	export OS_SERVICE_TOKEN="password"
8	export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
9	SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
10	#	3	#
11	MYSQL_USER=keystone	4	# Copyright (C) 2014 Wind River Systems, Inc.
12	MYSQL_DATABASE=keystone	5	#
13	MYSQL_HOST=localhost	6	# The identity.sh provides utilities for services to add tenant/role/users,
14	MYSQL_PASSWORD=password	7	# and service/endpoints into keystone database
15	#	8	#
16	KEYSTONE_REGION=RegionOne	9
17	KEYSTONE_HOST=%CONTROLLER_IP%	10	# Use shared secret for authentication before any user created.
		11	export OS_SERVICE_TOKEN="password"
		12	export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
		13
		14	declare -A PARAMS
18		15
19	# Shortcut function to get a newly generated ID	16	# Shortcut function to get a newly generated ID
20	function get_field() {	17	function get_field () {
21	while read data; do	18	while read data; do
22	if [ "$1" -lt 0 ]; then	19	if [ "$1" -lt 0 ]; then
23	field="(\$(NF$1))"	20	field="(\$(NF$1))"
@@ -28,179 +25,202 @@ function get_field() {
28	done	25	done
29	}	26	}
30		27
31	# Tenants	28	# Usage help
32	keystone tenant-get admin	29	help () {
33	if [ $? -eq 1 ]; then	30	if [ $# -eq 0 ]; then
34	ADMIN_TENANT=$(keystone tenant-create --name=admin \| grep " id " \| get_field 2)	31	echo "Usage: $0 <subcommand> ..."
35	else	32	echo ""
36	ADMIN_TENANT=$(keystone tenant-get admin \| grep " id " \| get_field 2)	33	echo "Keystone CLI wrapper to create tenant/user/role, and service/endpoint."
37	fi	34	echo "It uses the default tenant, user and password from environment variables"
38	keystone tenant-get demo	35	echo "(OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD) to authenticate with keystone."
39	if [ $? -eq 1 ]; then	36	echo ""
40	DEMO_TENANT=$(keystone tenant-create --name=demo \| grep " id " \| get_field 2)	37	echo "Positional arguments:"
41	else	38	echo " <subcommand>"
42	DEMO_TENANT=$(keystone tenant-get demo \| grep " id " \| get_field 2)	39	echo " user-create"
43	fi	40	echo " service-create"
44	keystone tenant-get alt_demo	41	echo ""
45	if [ $? -eq 1 ]; then	42	echo "See \"identity.sh help COMMAND\" for help on a specific command."
46	ALT_DEMO_TENANT=$(keystone tenant-create --name=alt_demo \| grep " id " \| get_field 2)	43	exit 0
47	else	44	fi
48	ALT_DEMO_TENANT=$(keystone tenant-get alt_demo \| grep " id " \| get_field 2)	45
49	fi	46	case "$2" in
50	keystone tenant-get $SERVICE_TENANT_NAME	47	service-create)
51	if [ $? -eq 1 ]; then	48	echo "Usage: $0 $2 [--name=<name>] [--type=<type>] [--description=<description>] [--region=<region>] [--publicurl=<public url>] [--adminurl=<admin url>] [--internalurl=<internal url>]"
52	SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME \| grep " id " \| get_field 2)	49	echo ""
53	else	50	echo "Create service and endpoint in keystone."
54	SERVICE_TENANT=$(keystone tenant-get $SERVICE_TENANT_NAME \| grep " id " \| get_field 2)	51	echo ""
55	fi	52	echo "Arguments:"
56		53	echo " --name=<name>"
57	# Users	54	echo " The name of the service"
58	keystone user-get admin	55	echo " --type=<type>"
59	if [ $? -eq 1 ]; then	56	echo " The type of the service"
60	ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com \| grep " id " \| get_field 2)	57	echo " --description=<description>"
61	else	58	echo " Description of the service"
62	ADMIN_USER=$(keystone user-get admin \| grep " id " \| get_field 2)	59	echo " --region=<region>"
63	fi	60	echo " The region of the service"
64	keystone user-get demo	61	echo " --publicurl=<public url>"
65	if [ $? -eq 1 ]; then	62	echo " Public URL of the service endpoint"
66	DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT \| grep " id " \| get_field 2)	63	echo " --adminurl=<admin url>"
67	else	64	echo " Admin URL of the service endpoint"
68	DEMO_USER=$(keystone user-get demo \| grep " id " \| get_field 2)	65	echo " --internalurl=<internal url>"
69	fi	66	echo " Internal URL of the service endpoint"
70	keystone user-get alt_demo	67	;;
71	if [ $? -eq 1 ]; then	68	user-create)
72	ALT_DEMO_USER=$(keystone user-create --name=alt_demo --pass="$DEMO_PASSWORD" --email=alt_demo@domain.com --tenant-id=$ALT_DEMO_TENANT \| grep " id " \| get_field 2)	69	echo "Usage: $0 $2 [--name=<name>] [--pass=<password>] [--tenant=<tenant>] [--role=<role>] [--email=<email>]"
73	else	70	echo ""
74	ALT_DEMO_USER=$(keystone user-get alt_demo \| grep " id " \| get_field 2)	71	echo "Arguments:"
75	fi	72	echo " --name=<name>"
76	keystone user-get nova	73	echo " The name of the user"
77	if [ $? -eq 1 ]; then	74	echo " --pass=<password>"
78	NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com \| grep " id " \| get_field 2)	75	echo " The password of the user"
79	else	76	echo " --tenant=<tenant>"
80	NOVA_USER=$(keystone user-get nova \| grep " id " \| get_field 2)	77	echo " The tenant of the user belongs to"
81	fi	78	echo " --role=<role>"
82	keystone user-get glance	79	echo " The role of the user in the <tenant>"
83	if [ $? -eq 1 ]; then	80	echo " --email=<email>"
84	GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com \| grep " id " \| get_field 2)	81	echo " The email of the user"
85	else	82	;;
86	GLANCE_USER=$(keystone user-get glance \| grep " id " \| get_field 2)	83	*)
87	fi	84	echo "Usage: $0 help <subcommand> ..."
88	keystone user-get neutron	85	echo ""
89	if [ $? -eq 1 ]; then	86	exit 0
90	NEUTRON_USER=$(keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=neutron@domain.com \| grep " id " \| get_field 2)	87	;;
91	else	88	esac
92	NEUTRON_USER=$(keystone user-get neutron \| grep " id " \| get_field 2)	89	}
93	fi	90
94	keystone user-get cinder	91	# Parse the command line parameters in an map
95	if [ $? -eq 1 ]; then	92	parse_param () {
96	CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com \| grep " id " \| get_field 2)	93	while [ $# -ne 0 ]; do
97	else	94	param=$1
98	CINDER_USER=$(keystone user-get cinder \| grep " id " \| get_field 2)	95	shift
99	fi	96
100	keystone user-get ceilometer	97	key=`echo $param \| cut -d '=' -f 1`
101	if [ $? -eq 1 ]; then	98	key=`echo $key \| tr -d '[-*2]'`
102	CEILOMETER_USER=$(keystone user-create --name=ceilometer --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=ceilometer@domain.com \| grep " id " \| get_field 2)	99	PARAMS[$key]=`echo $param \| cut -d '=' -f 2`
103	else	100	done
104	CEILOMETER_USER=$(keystone user-get ceilometer \| grep " id " \| get_field 2)	101	}
105	fi	102
106	keystone user-get heat	103	# Create tenant/role/user, and add user to the tenant as role
107	if [ $? -eq 1 ]; then	104	user-create () {
108	HEAT_USER=$(keystone user-create --name=heat --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=heat@domain.com \| grep " id " \| get_field 2)	105	# validation checking
109	else	106	if [[ "$@" =~ ^--name=.\ --pass=.\ --tenant=.\ --role=.\ --email=.*$ ]]; then
110	HEAT_USER=$(keystone user-get heat \| grep " id " \| get_field 2)	107	params=`echo "$@" \| sed -e 's%--name=\(.\) --pass=\(.\) --tenant=\(.\) --role=\(.\) --email=\(.*\)%--name=\1\|--pass=\2\|--tenant=\3\|--role=\4\|--email=\5%g'`
111	fi	108	else
112	keystone user-get swift	109	help
113	if [ $? -eq 1 ]; then	110	exit 1
114	SWIFT_USER=$(keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=swift@domain.com \| grep " id " \| get_field 2)	111	fi
115	else	112
116	SWIFT_USER=$(keystone user-get swift \| grep " id " \| get_field 2)	113	# parse the cmdline parameters
117	fi	114	IFS="\|"
118	keystone user-get barbican	115	parse_param $params
119	if [ $? -eq 1 ]; then	116	unset IFS
120	BARBICAN_USER=$(keystone user-create --name=barbican --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=barbican@domain.com \| grep " id " \| get_field 2)	117
121	else	118	echo "Adding user in keystone ..."
122	BARBICAN_USER=$(keystone user-get barbican \| grep " id " \| get_field 2)	119
123	fi	120	if [ "x${PARAMS["tenant"]}" != "x" ]; then
124		121	# check if tenant exist, create it if not
125	# Roles	122	TENANT_ID=$(keystone tenant-get ${PARAMS["tenant"]} \| grep " id " \| get_field 2)
126	keystone role-get admin	123	if [ "x$TENANT_ID" == "x" ]; then
127	if [ $? -eq 1 ]; then	124	echo "Creating tenant ${PARAMS["tenant"]} in keystone ..."
128	ADMIN_ROLE=$(keystone role-create --name=admin \| grep " id " \| get_field 2)	125	TENANT_ID=$(keystone tenant-create --name=${PARAMS["tenant"]} \| grep " id " \| get_field 2)
129	else	126	fi
130	ADMIN_ROLE=$(keystone role-get admin \| grep " id " \| get_field 2)	127	echo "Tenant list:"
131	fi	128	keystone tenant-list
132	keystone role-get Member	129	fi
133	if [ $? -eq 1 ]; then	130
134	MEMBER_ROLE=$(keystone role-create --name=Member \| grep " id " \| get_field 2)	131	if [ "x${PARAMS["role"]}" != "x" ]; then
135	else	132	# check if role exist, create it if not
136	MEMBER_ROLE=$(keystone role-get Member \| grep " id " \| get_field 2)	133	ROLE_ID=$(keystone role-get ${PARAMS["role"]} \| grep " id " \| get_field 2)
137	fi	134	if [ "x$ROLE_ID" == "x" ]; then
138	keystone role-get ResellerAdmin	135	echo "Creating role ${PARAMS["role"]} in keystone ..."
139	if [ $? -eq 1 ]; then	136	ROLE_ID=$(keystone role-create --name=${PARAMS["role"]} \| grep " id " \| get_field 2)
140	RESELLER_ADMIN_ROLE=$(keystone role-create --name=ResellerAdmin \| grep " id " \| get_field 2)	137	fi
141	else	138	echo "Role list:"
142	RESELLER_ADMIN_ROLE=$(keystone role-get ResellerAdmin \| grep " id " \| get_field 2)	139	keystone role-list
143	fi	140	fi
144	# heat stack template user role	141
145	keystone role-create --name heat_stack_user	142	if [ "x${PARAMS["name"]}" != "x" ]; then
146		143	# check if user exist, create it if not
147	# Add Roles to Users in Tenants	144	USER_ID=$(keystone user-get ${PARAMS["name"]} \| grep " id " \| get_field 2)
148	keystone user-role-list --user-id $ADMIN_USER --tenant-id $ADMIN_TENANT &> /dev/null	145	if [ "x$USER_ID" == "x" ]; then
149	keystone user-role-add --tenant-id $ADMIN_TENANT --user-id $ADMIN_USER --role-id $ADMIN_ROLE	146	echo "Creating user ${PARAMS["name"]} in keystone ..."
150	keystone user-role-add --tenant-id $DEMO_TENANT --user-id $ADMIN_USER --role-id $ADMIN_ROLE	147	USER_ID=$(keystone user-create --name=${PARAMS["name"]} --pass=${PARAMS["pass"]} --tenant-id $TENANT_ID --email=${PARAMS["email"]} \| grep " id " \| get_field 2)
151		148	fi
152	keystone user-role-list --user-id $NOVA_USER --tenant-id $SERVICE_TENANT &> /dev/null	149	echo "User list:"
153	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE	150	keystone user-list
154		151	fi
155	keystone user-role-list --user-id $GLANCE_USER --tenant-id $SERVICE_TENANT &> /dev/null	152
156	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE	153	if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ] && [ "x$ROLE_ID" != "x" ]; then
157		154	# add the user to the tenant as role
158	keystone user-role-list --user-id $NEUTRON_USER --tenant-id $SERVICE_TENANT &> /dev/null	155	keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID \| grep $ROLE_ID &> /dev/null
159	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE	156	if [ $? -eq 1 ]; then
160		157	echo "Adding user ${PARAMS["name"]} in tenant ${PARAMS["tenant"]} as ${PARAMS["role"]} ..."
161	keystone user-role-list --user-id $CINDER_USER --tenant-id $SERVICE_TENANT &> /dev/null	158	keystone user-role-add --tenant-id $TENANT_ID --user-id $USER_ID --role-id $ROLE_ID
162	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE	159	fi
163		160	fi
164	keystone user-role-list --user-id $DEMO_USER --tenant-id $DEMO_TENANT &> /dev/null	161
165	keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE	162	if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ]; then
166		163	echo "User ${PARAMS["name"]} in Tenant ${PARAMS["tenant"]} role list:"
167	keystone user-role-list --user-id $ALT_DEMO_USER --tenant-id $ALT_DEMO_TENANT &> /dev/null	164	keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID
168	keystone user-role-add --tenant-id $ALT_DEMO_TENANT --user-id $ALT_DEMO_USER --role-id $MEMBER_ROLE	165	fi
169		166	}
170	keystone user-role-list --user-id $CEILOMETER_USER --tenant_id $SERVICE_TENANT &> /dev/null	167
171	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CEILOMETER_USER --role-id $ADMIN_ROLE	168	# Create service and its endpoint
172	keystone user-role-add --tenant_id $SERVICE_TENANT --user_id $CEILOMETER_USER --role-id $RESELLER_ADMIN_ROLE	169	service-create () {
173		170	# validation checking
174	keystone user-role-add --tenant_id $SERVICE_TENANT --user-id $HEAT_USER --role-id $ADMIN_ROLE	171	if [[ "$@" =~ ^--name=.\ --type=.\ --description=.\ --region=.\ --publicurl=.\ --adminurl=.\ --internalurl=.*$ ]]; then
175		172	params=`echo "$@" \| sed -e 's%--name=\(.\) --type=\(.\) --description=\(.\) --region=\(.\) --publicurl=\(.\) --adminurl=\(.\) --internalurl=\(.*\)%--name=\1\|--type=\2\|--description=\3\|--region=\4\|--publicurl=\5\|--adminurl=\6\|--internalurl=\7%g'`
176	keystone user-role-list --user-id $SWIFT_USER --tenant_id $SERVICE_TENANT &> /dev/null	173	else
177	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE	174	help
178		175	exit 1
179	keystone user-role-list --user-id $BARBICAN_USER --tenant_id $SERVICE_TENANT &> /dev/null	176	fi
180	keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $BARBICAN_USER --role-id $ADMIN_ROLE	177
181		178	# parse the cmdline parameters
182	# Create services	179	IFS=$"\|"
183	COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' \| grep " id " \| get_field 2)	180	parse_param $params
184	VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' \| grep " id " \| get_field 2)	181	unset IFS
185	IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' \| grep " id " \| get_field 2)	182
186	IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' \| grep " id " \| get_field 2)	183	echo "Creating service in keystone ..."
187	EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' \| grep " id " \| get_field 2)	184
188	NETWORK_SERVICE=$(keystone service-create --name neutron --type network --description 'OpenStack Networking service' \| grep " id " \| get_field 2)	185	if [ "x${PARAMS["name"]}" != "x" ]; then
189	METERING_SERVICE=$(keystone service-create --name ceilometer --type=metering --description='OpenStack Metering Service' \| grep " id " \| get_field 2)	186	# check if service already created, create it if not
190	ORCHESTRATION_SERVICE=$(keystone service-create --name heat --type=orchestration --description='OpenStack Orchestration Service' \| grep " id " \| get_field 2)	187	SERVICE_ID=$(keystone service-get ${PARAMS["name"]} \| grep " id " \| get_field 2)
191	CLOUDFORMATION_SERVICE=$(keystone service-create --name heat-cfn --type=cloudformation --description='OpenStack Cloudformation Service' \| grep " id " \| get_field 2)	188	if [ "x$SERVICE_ID" == "x" ]; then
192	SWIFT_SERVICE=$(keystone service-create --name swift --type=object-store --description='OpenStack object-store' \| grep " id " \| get_field 2)	189	echo "Adding service ${PARAMS["name"]} in keystone ..."
193	BARBICAN_SERVICE=$(keystone service-create --name barbican --type=keystore --description='Barbican Key Management Service' \| grep " id " \| get_field 2)	190	SERVICE_ID=$(keystone service-create --name ${PARAMS["name"]} --type ${PARAMS["type"]} --description "${PARAMS["description"]}" \| grep " id " \| get_field 2)
194		191	fi
195	# Create endpoints	192	echo "Service list:"
196	keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'	193	keystone service-list
197	keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'	194	fi
198	keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'	195
199	keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'	196	if [ "x$SERVICE_ID" != "x" ]; then
200	keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'	197	# create its endpoint
201	keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'	198	keystone endpoint-list \| grep $SERVICE_ID \| grep ${PARAMS["region"]} \| grep ${PARAMS["publicurl"]} \| grep ${PARAMS["adminurl"]} \| grep ${PARAMS["internalurl"]}
202	keystone endpoint-create --region $KEYSTONE_REGION --service_id $METERING_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8777/' --adminurl 'http://'"$KEYSTONE_HOST"':8777/' --internalurl 'http://'"$KEYSTONE_HOST"':8777/'	199	if [ $? -eq 1 ]; then
203	keystone endpoint-create --region $KEYSTONE_REGION --service_id $ORCHESTRATION_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8004/v1/%(tenant_id)s'	200	echo "Creating endpoint for ${PARAMS["name"]} in keystone ..."
204	keystone endpoint-create --region $KEYSTONE_REGION --service_id $CLOUDFORMATION_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8000/v1' --adminurl 'http://'"$KEYSTONE_HOST"':8000/v1' --internalurl 'http://'"$KEYSTONE_HOST"':8000/v1'	201	keystone endpoint-create --region ${PARAMS["region"]} --service-id $SERVICE_ID --publicurl ${PARAMS["publicurl"]} --adminurl ${PARAMS["adminurl"]} --internalurl ${PARAMS["internalurl"]}
205	keystone endpoint-create --region $KEYSTONE_REGION --service_id $SWIFT_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8888/v1/AUTH_%(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8888/v1' --internalurl 'http://'"$KEYSTONE_HOST"':8888/v1/AUTH_%(tenant_id)s'	202	fi
206	keystone endpoint-create --region $KEYSTONE_REGION --service_id $BARBICAN_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9311/v1' --adminurl 'http://'"$KEYSTONE_HOST"':9312/v1' --internalurl 'http://'"$KEYSTONE_HOST"':9313/v1'	203	echo "Endpoints list:"
		204	keystone endpoint-list
		205	fi
		206	}
		207
		208	case "$1" in
		209	service-create)
		210	shift
		211	service-create $@
		212	;;
		213	user-create)
		214	shift
		215	user-create $@
		216	;;
		217	help)
		218	help $@
		219	;;
		220	*)
		221	help
		222	exit 0
		223	;;
		224	esac
		225
		226	exit 0